Abstract
Existing persistent threat defense methods suffer from poor defense performance. To address this problem, this paper studies a persistent threat defense method for intrusion detection in ship navigation systems. To increase the defense effectiveness against persistent threats, a multipolar endpoint forensics and response system is introduced into the design of the defense method. The multipolar endpoint forensics method is used to extract the evidence chain of a persistent threat. Taking the sensitivity to changes in the safe operating state of the ship navigation system as the boundary, the evidence chain is combined with the characteristics of the persistent threat to produce a fused diagnosis of the threat. Based on the resulting diagnosis decision, the endpoint response method is used to respond to the persistent threat, which realizes the defense against persistent threats in intrusion detection for ship navigation systems. Comparative experiments show that, compared with the persistent threat sandbox defense method and the persistent threat defense method based on vulnerability bait, the designed method reduces defense time and improves defense effectiveness, which demonstrates that it has better defense performance.
Author
ZHANG Xiao-hui (张晓珲) (Tangshan Polytechnic College, Tangshan 063299, China)
Source
Ship Science and Technology (《舰船科学技术》)
Peking University Core Journal
2019, Issue 12, pp. 112-114 (3 pages)
Keywords
navigation system
intrusion
persistent threat
defense