摘要
针对传统可视化跟踪方法对定量评估网络攻击造成身份快速追踪结果不精准的问题,提出一种基于网络熵的网络攻击身份快速追踪方法。归一化处理信道利用率和网络延迟指标,结合网络熵定量评估网络攻击效果。根据查询式追踪数据包结构制定基于网络熵的自适应协同追踪机制,确定信息标记域、信息领域和跟踪标记域。通过初步协同追踪,确定攻击报警的特征信息,结合深度协同追踪步骤,重构出攻击路径,实现快速追踪。实验结果表明,该方法在DDoS攻击模式下网络攻击身份、传输路径和异常高低点均与实际数据一致,具有精准追踪结果。
Aiming at the problem that the traditional visual tracking method causes inaccurate identity tracking results in the quantitative evaluation of network attacks, a network attack identity tracking method based on network entropy is proposed. The channel utilization and network delay indexes are normalized, and the network attack effect is quantitatively evaluated combined with network entropy. According to the query tracking packet structure, an adaptive collaborative tracking mechanism based on network entropy is developed to determine the information tag domain, information domain and tracking tag domain. Through preliminary cooperative tracking, the characteristic information of attack alarm is determined. Combined with the steps of deep cooperative tracking, the attack path is reconstructed to realize fast tracking. The experimental results show that the network attack identity,transmission path and abnormal high and low points are consistent with the actual data in the DDoS attack mode, and the method has accurate tracking results.
作者
樊凯
冯国聪
刘祥
FAN Kai;FENG Guo-cong;LIU Xiang(China Southern Power Grid Co.,Ltd.,Guangzhou 510000 China;China Southern Power Grid Digital Grid Research Institute Co.,Ltd.,Guangzhou 510663 China)
出处
《自动化技术与应用》
2022年第12期101-104,151,共5页
Techniques of Automation and Applications
关键词
网络熵
网络攻击
身份快速追踪
定量评估
network entropy
cyber attacks
rapid identity tracking
quantitative evaluation
