Source: Journal of Naval University of Engineering, 2018, No. 1, pp. 40-45 (6 pages)
Funding: National Natural Science Foundation of China (61672531); Hubei Provincial Natural Science Foundation (2015CFC867)
Abstract: Traditional attack path recognition methods handle temporal data inefficiently and cannot fully reflect how each attribute dimension of the alerts varies. To address this, a recognition method for attack paths based on frequent sequences and multi-dimensional correlation is proposed. First, based on the prefix-projection idea, a frequent alert-attribute-sequence mining algorithm is designed that generates no candidate sets. Then, the global attack-type sequence and the global attack-target sequence are segmented by time windows, from which the frequent attack-behaviour sequences and frequent attack-target sequences in the network are mined; the global attack-type sequence is also segmented by destination IP, from which combined attack patterns aimed at a single host are mined. In this way the attack paths on both the network and the hosts are recognized comprehensively. Finally, an experiment on the traffic data set of the typical distributed denial-of-service attack scenario LLDoS 1.0 (inside) shows that the proposed method is effective.
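The abstract describes three mechanisms: a prefix-projection miner that grows frequent prefixes by projecting the sequence database onto suffixes (the PrefixSpan idea, so no candidate sets are generated), a split of the global alert stream into per-time-window sequences, and a split into per-destination-IP sequences. The following Python block is an added example written for this page, not the paper's implementation. The alert type names, IP addresses and timestamps are constructed; they mimic the phases of the LLDoS 1.0 scenario (sweep, sadmind probe, sadmind exploit, rsh login, DDoS launch) but are not drawn from the data set, and the window size and support threshold are arbitrary.

```python
"""Frequent alert-sequence mining over IDS alerts with prefix projection,
applied to time-window and destination-IP segmentations.
Example code for illustration; alerts and names below are constructed."""
from collections import defaultdict

# Constructed alerts: (timestamp in seconds, attack type, destination IP).
# Hosts 10.0.0.1 and 10.0.0.2 see the full chain, 10.0.0.3 only the first two
# steps plus unrelated noise, 198.51.100.5 is the final DDoS target.
ALERTS = [
    (5, "ICMP_SWEEP", "10.0.0.1"), (20, "SADMIND_PROBE", "10.0.0.1"),
    (30, "SADMIND_EXPLOIT", "10.0.0.1"), (40, "RSH_LOGIN", "10.0.0.1"),
    (50, "PORTSCAN", "10.0.0.3"),                                  # noise
    (105, "ICMP_SWEEP", "10.0.0.2"), (120, "SADMIND_PROBE", "10.0.0.2"),
    (130, "SADMIND_EXPLOIT", "10.0.0.2"), (140, "RSH_LOGIN", "10.0.0.2"),
    (150, "WEB_SCAN", "10.0.0.3"),                                 # noise
    (205, "ICMP_SWEEP", "10.0.0.3"), (220, "SADMIND_PROBE", "10.0.0.3"),
    (250, "FTP_BRUTE", "10.0.0.3"),                                # noise
    (310, "DDOS_LAUNCH", "198.51.100.5"), (320, "DDOS_LAUNCH", "198.51.100.5"),
]


def split_by_time_window(alerts, window):
    """Global attack-type sequence cut into one sequence per time window."""
    buckets = defaultdict(list)
    for ts, atype, _dst in sorted(alerts):
        buckets[ts // window].append(atype)
    return [buckets[k] for k in sorted(buckets)]


def split_by_dst_ip(alerts):
    """Global attack-type sequence cut into one sequence per destination IP."""
    buckets = defaultdict(list)
    for _ts, atype, dst in sorted(alerts):
        buckets[dst].append(atype)
    return dict(buckets)


def prefix_span(sequences, min_support, prefix=()):
    """Prefix-projection mining: extend each frequent prefix by one item and
    recurse on the projected database (the suffixes after that item).
    Support = number of sequences containing the pattern as a subsequence.
    Returns {pattern_tuple: support}."""
    counts = defaultdict(int)
    for seq in sequences:
        for item in set(seq):            # count an item once per sequence
            counts[item] += 1
    patterns = {}
    for item, support in counts.items():
        if support < min_support:
            continue                     # no longer pattern with this prefix can be frequent
        grown = prefix + (item,)
        patterns[grown] = support
        # Project: keep the suffix after the FIRST occurrence of `item`.
        projected = [seq[seq.index(item) + 1:] for seq in sequences if item in seq]
        patterns.update(prefix_span([s for s in projected if s], min_support, grown))
    return patterns


def is_subsequence(pattern, seq):
    """True if `pattern` occurs in `seq` in order, gaps allowed."""
    it = iter(seq)
    return all(any(x == p for x in it) for p in pattern)


def host_attack_tracks(host_seqs, patterns):
    """For each host, the longest frequent pattern its alert sequence contains,
    i.e. how far along a recurring attack chain that host has been taken."""
    ordered = sorted(patterns, key=len, reverse=True)
    return {host: next((p for p in ordered if is_subsequence(p, seq)), ())
            for host, seq in host_seqs.items()}


if __name__ == "__main__":
    by_window = split_by_time_window(ALERTS, window=100)
    net_patterns = prefix_span(by_window, min_support=2)
    print("frequent attack-behaviour sequences across time windows:")
    for p, s in sorted(net_patterns.items(), key=lambda kv: (-len(kv[0]), kv[0])):
        print(f"  support={s}  {' -> '.join(p)}")
    by_host = split_by_dst_ip(ALERTS)
    host_patterns = prefix_span(list(by_host.values()), min_support=2)
    print("per-host attack tracks:")
    for host, track in host_attack_tracks(by_host, host_patterns).items():
        print(f"  {host}: {' -> '.join(track) or '(no frequent pattern)'}")
```

Two design points matter for alert data. Support is counted per sequence, not per occurrence, so a host that repeats one alert type many times does not inflate a pattern; with the constructed alerts above, DDOS_LAUNCH appears twice but in only one window and one target, so it never reaches support 2 and is dropped, as is every single-window noise alert. Second, the time-window view interleaves alerts against different hosts inside one window, which is why the same miner is run again over the per-destination-IP split: that view attributes the sweep, probe, exploit, rsh chain to specific hosts and shows that 10.0.0.3 progressed only as far as the probe.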
Keywords: intrusion detection; attack path recognition; frequent sequence mining; multi-dimensional correlation; sequence segmentation
Classification: TP309.7 (Automation and Computer Technology: Computer System Architecture)