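Abstract
Because coordinated attacks are complex, traditional detection methods have difficulty detecting them effectively. Building on an analysis of the hierarchy and correlation of coordinated attack behaviors, the paper uses a conditional association method to detect coordinated attacks. It proposes an attack representation suited to association analysis and a method for searching attack action chains. Experimental results show that the method can effectively separate out coordinated attack chains.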
The complexity of coordinated attacks makes them difficult to detect efficiently with traditional methods such as misuse detection and anomaly detection. A coordinated attack is composed of many attack behaviors, among which there are some kinds of association. Based on research into the hierarchy and reciprocity of attack behaviors, this paper provides a solution for detecting coordinated attacks with the conditional association method. A kind of attack representation that is suitable for association analysis is introduced, and the results of experiments have proved the feasibility of this method.
Source
Journal of Wuhan University of Technology
CAS
CSCD
2004, Issue 6, pp. 78-81 (4 pages)
Keywords
intrusion detection
coordinated attack
association analysis