Abstract
To address the quantitative evaluation of network threats to typical power information systems, this paper proposes HMMNIDS, a dynamic network threat analysis method based on network intrusion detection system (NIDS) alarm information and a hidden Markov model. The method makes full use of NIDS alarm information, analyzing it from four aspects: priority, severity, asset value, and reliability. It gives a quantitative description and classification method for alarm threats and optimizes the observation matrix in the hidden Markov model. The reliability of a successful attack is analyzed with a Bayesian network, which avoids interference from NIDS false alarms. Based on the improved hidden Markov model, the dynamic risk quantification value of the system is obtained by fusion. DDoS attacks were simulated on the DARPA2000 experimental scenario, and comparative experiments verified the effectiveness and superiority of the proposed method.
Authors
SU Pengtao (苏鹏涛); WU Kuang (吴贶); CHEN Mengjie (陈孟婕); ZHANG Xueqin (张雪芹)
Shanghai Shineenergy Information Technology Development Co., Ltd., Shanghai 200025, China; Shanghai Zhida Technology Development Co., Ltd., Shanghai 200433, China; School of Information Science and Engineering, East China University of Science and Technology, Shanghai 200237, China
Source
Journal of University of Shanghai for Science and Technology (《上海理工大学学报》)
CAS
CSCD
Peking University Core Journals (北大核心)
2022, Issue 4, pp. 388-396, 416 (10 pages)
Keywords
power information system
quantitative threat analysis
hidden Markov
intrusion alarm
Bayesian network