Abstract: Automated classification of cyber attacks from descriptive text is an important foundation for the intelligent extraction of APT attack knowledge. To address the problems that cyber attack texts contain many specialised terms that are hard to recognise and depend strongly on semantic context that is hard to judge, this paper proposes a method for automatically extracting word and sentence features from text based on contextual semantic analysis. A hybrid neural network model combining BERT and BiLSTM, BBNN (BERT and BiLSTM Neural Network), is constructed to compute a preliminary classification of cyber attack texts, and a variance filter is then used to automatically screen the classification results. Experiments on the CAPEC (Common Attack Pattern Enumeration and Classification) attack knowledge base show that the method reaches an accuracy of 79.17%, an improvement of 7.29% and 3.00% over the classification results of the single BERT model and the single BiLSTM model respectively, achieving better automated classification of cyber attack texts.
Funding: Supported by the National Natural Science Foundation of China (61402526, 61502528)
Abstract: New precisely cooperative attacks, such as the coordinated cross plane session termination (CXPST) attack, need thousands upon thousands of machines to attack diverse selected links simultaneously at a given rate. However, almost all command and control (C&C) mechanisms only support publishing one command to all nodes at once, the so-called one-to-all C&C model, and are not effective in supporting CXPST-like attacks. In this paper, we present a one-to-any C&C model for coordination among uncooperative controlled nodes. As an instance of the one-to-any C&C model, a directional command publishing (DCP) mechanism leveraging Kademlia is provided, with a range-mapping key creation algorithm for commands to compute the publishing range and a statistically stochastic node querying scheme to obtain the commands immediately. Theoretical analysis and simulation indicate that the one-to-any C&C model fits precisely coordinated operation on uncooperative controlled nodes with the least complexity and better accuracy and efficiency. Furthermore, the DCP mechanism can support one-to-all command publishing at the same time. As an example of a future C&C model, studying the one-to-any C&C model may help promote the development of more efficient countermeasures.
Funding: Supported by the National High Technology Research and Development Program of China (863 Program) (2007AA01Z471)
Abstract: For the issue of discretionary access control (DAC) model safety analysis, a logic method is proposed. This method takes the GD model as the classic DAC model and Prolog as the basic language to describe system states and state transfer rules. A general program based on this logic method is proposed for DAC safety analysis, but this program may never terminate for some safety analysis goals. The safety analysis algorithm is obtained by simplifying the general program according to the properties of the DAC model's state transfer rules. This safety analysis algorithm is easier to understand and implement than previous algorithms, and its time complexity is O(N+M+T), where N, M, and T are the numbers of rights with the copy flag, policies for right transferring, and policies for right permitting, respectively.