检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]西安交通大学电子与信息工程学院
出 处:《西安交通大学学报》2008年第8期931-935,共5页Journal of Xi'an Jiaotong University
基 金:国家自然科学基金资助项目(60633020,60473136,60373105);国家高技术研究发展计划资助项目(2006BAH02A24-2,2006BAK11B02,2007AA01Z475);国家“二四二”信息安全计划资助项目(2006C26)
摘 要:为了能在攻击目标受损之前检测到攻击事件,提出了面向网络行为因果关联的攻击检测方法.该方法基于SNMP管理信息库数据,根据攻击目标的异常行为,首先利用Granger因果关联检验(GCT)从检测变量中挖掘出与异常变量存在整体行为关联的基本攻击变量,然后针对异常行为特征再次利用GCT从基本攻击变量中挖掘出与异常变量存在局部行为关联的攻击变量,最后根据攻击变量和异常变量之间的因果关系,构建面向攻击方检测的攻击关联规则.在Trin00 UDP Flood检测实验中,所提方法成功挖掘出攻击变量udp Out Datagram,取得了满意的检测效果.实验结果表明,该方法能够在攻击方检测到攻击事件,为及时阻止攻击过程向攻击目标进一步扩散提供预警.An SNMP MIB oriented approach based on causality in network behavior is presented in order to detect attack before the security of target is damaged. According to the behavior of an abnormal variable in target, Granger causality test (GCT) is used to find preliminary attacking variables which are causality relevant to the abnormal variable in whole network behavior. Depending on the behavior features hidden in the abnormal behavior, GCT is used again to recognize attacking variables which are causality relevant to the abnormal variable in local network behavior. The causality between attacking variables and the abnormal variable is then used to construct detecting rules, which are oriented to attacker, udpOutDatagrams acting as attacking variable are recognized successfully and detection results are acquired well in the test of Trin00 UDP Flood. The experiment results show that the approach can effectively detect attacks from attackers, which has effect on blocking the pervasion of attacking procedure to target.
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:3.14.64.102