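Authors: Feng Xuewei (冯学伟)[1,2], Kuang Xiaohui (况晓辉)[1,2], Sun Xiaoxia (孙晓霞)[1,2]
Affiliations: [1] Key Laboratory of Information System Security Technology, Beijing 100101; [2] Beijing Institute of System Engineering, Beijing 100101
Source: Journal of Command and Control (《指挥与控制学报》), 2015, No. 1, pp. 62-67, 6 pages in total
Abstract: Situation awareness is one of the important foundations for command and control in cyberspace. It emphasizes how to analyze and identify, from partial, trivial and scattered information, the attack behaviors currently occurring in cyberspace and their attributes, forming high-level situation knowledge that assists commanders in decision-making. To address the difficult problem of attack scenario awareness and inference in cyber situation awareness, this paper proposes a cyber-attack scenario awareness and inference technique based on probability transition. The technique performs cluster analysis on the raw alert stream generated by sensors using a sliding window, infers and generates the attack scenarios currently occurring in cyberspace by mining each correlated cluster, and uses a Markov chain to represent the attack scenarios formally, forming the security situation in cyberspace. Experiments based on the Zeus botnet verify the feasibility and advancement of the technique.
English abstract: Cyber situation awareness is one of the foundations to achieve command and control in cyberspace, which aims to identify the attack behaviors appearing in cyberspace from partial, trivial and distributed information. It can provide high level situation knowledge for commanders and assist them to make reasonable decisions. In order to solve the problem of attack scenario awareness and inference, a cyber-attack scenario awareness and inference technology based on probability transition is proposed in this paper. Firstly, the alert stream is clustered based on the sliding window. Then after analyzing the cluster sets, various attack scenarios appearing in cyberspace are inferred and generated. We use the Markov chain model to represent attack scenarios; the cyber-attack situation can be presented to commanders directly in this way. Finally, we test and assess the approaches proposed in this paper based on the botnet of Zeus, and the experimental results show that the approaches are feasible and advanced.
Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]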