Funding: the National Natural Science Foundation of China (60073074)
Abstract: ISDTM, based on an augmented Allen's interval temporal logic (ITL) and first-order predicate calculus, is a formal temporal model for representing intrusion signatures. It is augmented with real-time extensions that enhance its expressivity. Intrusion scenarios are usually a set of events and system states whose basic relation is their temporal sequence; describing intrusion signatures therefore amounts to representing such temporal relations. To represent these signatures, ISDTM decomposes the intrusion process into a sequence of events according to their relevant intervals, and then specifies the network states in those intervals. Uncertain intrusion signatures, as well as the basic temporal modes of events (the parallel mode, the sequential mode and the hybrid mode), can be succinctly and naturally represented in ISDTM. The mode chart is the visualization of intrusion signatures in ISDTM, which makes the formulas more readable. Intrusion signature descriptions in ISDTM have the advantages of compact construction, concise syntax, scalability and easy implementation.
Funding: partially supported by the Zhejiang Provincial Natural Science Foundation of China (No. LY16F020010), the Zhejiang Key Discipline Fund of Computer Applied Technology (No. pd2013457) and the Hangzhou Science & Technology Development Project of China (No. 20140533B13)
Abstract: With the rapid development of the mobile Internet, people pay increasing attention to the wireless network security problem. But due to the specific characteristics of wireless networks, research on wireless intrusion alert clustering methods for the mobile Internet is currently rare. This paper proposes a Wireless Intrusion Alert Clustering Method (WIACM) based on information about the mobile terminal. The method consists of alert formatting, alert reduction and alert classification. By introducing key information about the mobile terminal device, the method aggregates the original alerts into hyper-alerts. The experimental results show that WIACM is appropriate for real attack scenarios on the mobile Internet, and that it reduces the number of alerts while improving the accuracy of alert analysis.