Research on Petri Net Modelling Techniques for Intrusion Detection Analysis  Cited by: 2

STUDY ON PETRI NET MODELLING TECHNOLOGY FOR INTRUSION DETECTION


Authors: Li Yong (李勇)[1], Wang Wenqi (王文奇)[2], Shi Haobin (史豪斌)[3]

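Affiliations: [1] School of Physics and Electrical Engineering, Anyang Normal University, Anyang, Henan 455002; [2] School of Computer Science, Zhongyuan University of Technology, Zhengzhou, Henan 450007; [3] School of Computer Science, Northwestern Polytechnical University, Xi'an, Shaanxi 710072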

Source: Computer Applications and Software (《计算机应用与软件》), 2015, No. 11, pp. 301-304, 316 (5 pages)

Funding: National Natural Science Foundation of China (61003129); Henan Province Science and Technology Research Program (082102210082; 082102210092)

Abstract: To effectively reduce the false positive rate and the repeated alarm rate of intrusion detection, and building on our earlier research, we propose an object-oriented determined transition Petri net model (OODTP) for intrusion detection analysis. The model combines object-oriented and Petri net techniques and is described formally. We define the mechanisms for object instantiation and destruction, and give the rules governing determined transitions. We also introduce variable tokens and immutable tokens, which make the model better suited to describing the state of intrusion behaviour. Using this technique, we build analysis models for several simple attacks and multi-step attacks, such as the scanning attack and the Mitnick attack. We discuss how to represent the object-oriented Petri net model in XML. Finally, experimental results show that the model has good representation capability for various complex (multi-step) attacks and that, compared with existing research, it is easier to use and more practical.

Keywords: object-oriented Petri net; determined transition; intrusion detection; multi-step attack

Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]

 
