摘要
传统的攻击检测方法难适应网络攻击的动态变化,导致网络安全性能下降。对此,针对多操作系统拓扑网络设计了一种潜在多步攻击实时检测方法。首先,结合多操作系统拓扑网络建立威胁发生概率模型,并计算目标网络中各个对象的安全风险指数。然后对多步攻击实施分层分类,并分析网络攻击的相关性。在构建多步攻击识别模块的基础上,对多步攻击实时检测。这一过程中,利用攻击图实施报警关联,并运用逻辑攻击图生成器与攻击流量拓扑图生成器实施准确匹配,从而快速挖掘攻击路径,更新最大可能的攻击路径。实验结果表明:与传统方法相比,新的检测方法具有较强的实时性和应用性能。
Traditionally,the attack detection methods are difficult to match with the dynamic changes of network attacks,leading to the destruction of network security performance.Therefore,a real-time detection method of po-tential multi-step attack is designed.First of all,combining with multi operating system topology network,the prob-ability model of threat occurrence was established,and the security risk index of each object in the target network was calculated.Secondly,the multi-step attacks were classified into layers,and the network attack correlation was ana-lyzed.In the construction of multi-step attack identification module,it is necessary to detect multi-step attack in real time.During this process,the alarm association was implemented through attack graph,and the logic attack graph generator and attack traffic topology graph generator were used to implement accurate matching.Finally,the at-tack path was quickly mined and updated as much as possible.The results show that the novel detection method has excellent real-time performance and applicability.
作者
肖堃
金宙贤
XIAO Kun;JIN Zhou-xian(School of Information and Software Engineering,University of Electronic Science and Technology of China,Chengdu Sichuan 610054,China;School of Computer Science and Engineering,University of Electronic Science and Technology of China,Chengdu Sichuan 611731,China)
出处
《计算机仿真》
北大核心
2020年第12期455-459,共5页
Computer Simulation
基金
国家电网公司总部科技项目(546816190004)。
关键词
多操作系统
拓扑网络
发生概率模型
多步攻击
攻击路径
Multiple operating systems
Topological network
Occurrence probability model
Multi-step attack
Attack path
