Network Intrusion Correlation Method with Differential Privacy Protection of Alerts Sequence  Cited by: 9

Original title: 支持告警序列差分隐私保护的网络入侵关联方法


Authors: Li Hongcheng [1], Wu Xiaoping [1] (LI Hongcheng; WU Xiaoping, Department of Information Security, Naval University of Engineering, Wuhan 430033, China)

Affiliation: [1] Department of Information Security, Naval University of Engineering, Wuhan 430033

Source: Computer Engineering (计算机工程), 2018, No. 5, pp. 128-132 (5 pages)

Funding: National Natural Science Foundation of China (61672531)

Abstract: In the cooperative analysis of network intrusion intelligence, sharing alert data exposes the attacked party to the risk of privacy leakage. Existing methods for protecting the privacy of alert information cannot withstand malicious analysis by an adversary with background knowledge, so a new network alert correlation method is proposed. Taking the raw alert sequence dataset as input, the Laplace mechanism is used to build a noisy alert sequence prefix tree that supports differential privacy protection. The noisy prefix tree is then traversed to generate a generalized (sanitized) alert sequence dataset, and a frequent sequence mining algorithm performs the alert correlation on that dataset. The method is proved theoretically to satisfy ε-differential privacy, and it is validated on the LLDoS 1.0 inside dataset, a typical multi-step attack scenario. Experimental results show that the method protects the privacy of alert sequences while improving the accuracy of alert correlation.
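The pipeline the abstract describes, as an added illustration in Python that is not the paper's own code: a noisy prefix tree of alert sequences (Laplace noise on every candidate node, per-level budget ε/max_depth, threshold pruning), a traversal that releases a generalized dataset, and a simplified prefix-support mining step in place of a full frequent sequence miner. The alert names, the sample data, the threshold rule and the release rule (a node emits its noisy count minus its kept children's counts) are my assumptions, as is treating the set of alert types as public.

```python
import math
import random
from collections import Counter

def laplace_noise(scale, rng=random):
    """One draw from Laplace(0, scale) by inverse-CDF sampling."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))

def noisy_prefix_tree(sequences, alphabet, epsilon, max_depth, threshold, noise=laplace_noise):
    """Build {prefix: noisy_count} level by level, budget epsilon/max_depth per level.
    A sequence touches at most one node per level (sensitivity 1), so sequential
    composition over max_depth levels costs epsilon in total.  Every child of a kept
    node is scored, unseen ones included, so the tree shape itself leaks nothing."""
    true = Counter(tuple(s[:d]) for s in sequences
                   for d in range(1, min(len(s), max_depth) + 1))
    scale = max_depth / epsilon
    tree, frontier = {}, [()]
    for _ in range(max_depth):
        kept = []
        for parent in frontier:
            for a in alphabet:
                node = parent + (a,)
                c = true.get(node, 0) + noise(scale)
                if c >= threshold:          # prune low-count (likely spurious) nodes
                    tree[node] = c
                    kept.append(node)
        frontier = kept
    return tree

def sanitized_sequences(tree):
    """Traverse the noisy tree: a node releases round(count - kept children's counts)
    copies of its prefix, i.e. the sequences that (noisily) end at that node."""
    out = []
    for node, c in tree.items():
        kids = sum(v for k, v in tree.items() if len(k) == len(node) + 1 and k[:-1] == node)
        out.extend(list(node) for _ in range(max(0, round(c - kids))))
    return out

def frequent_prefixes(sequences, min_support):
    """Simplified frequent-sequence mining over the sanitized data: prefixes supported
    by at least min_support sequences are the attack chains to correlate."""
    support = Counter(tuple(s[:d]) for s in sequences for d in range(1, len(s) + 1))
    return {p: n for p, n in support.items() if n >= min_support}

# Constructed sample (not the LLDoS data): six full multi-step chains, two partial ones, one stray alert.
ALERTS = ["ICMP_SWEEP", "SADMIND_PING", "SADMIND_OVERFLOW", "RSH", "MSTREAM_DOS"]
SAMPLE = ([["ICMP_SWEEP", "SADMIND_PING", "SADMIND_OVERFLOW", "RSH"]] * 6
          + [["ICMP_SWEEP", "RSH"]] * 2 + [["MSTREAM_DOS"]])
```

Running `frequent_prefixes(sanitized_sequences(noisy_prefix_tree(SAMPLE, ALERTS, 1.0, 4, 2)), 5)` yields the four-step chain as the dominant correlated sequence, while the single stray alert is suppressed by the threshold; pass `noise=lambda s: 0.0` to see the pipeline without noise.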

Keywords: intrusion detection; alert correlation; differential privacy protection; frequent sequence mining; prefix tree

Classification: TP309.7 [Automation and Computer Technology: Computer System Architecture]
