Authors: WANG Yang[1], WU Jianying, HUANG Jinlei, HU Hao[1], LIU Yuling[3,4]
Affiliations: [1] The Third Institute, Information Engineering University, Zhengzhou 450001, China; [2] Cyber Security Guard, Beijing Public Security Bureau, Beijing 100010, China; [3] Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; [4] School of Cyber Security, University of Chinese Academy of Sciences, Beijing 101408, China
Source: Computer Engineering and Applications (《计算机工程与应用》), 2019, No. 22, pp. 73-79 (7 pages)
Funding: National Natural Science Foundation of China (No.61902427, No.61471344); National "863" High Technology Research and Development Program (No.2015AA016006); National Key Research and Development Program (No.2016YFF0204002, No.2016YFF0204003); Zhengzhou Science and Technology Leading Talent Project (No.131PLJRC644); "13th Five-Year Plan" Equipment Pre-research Field Fund; CCF-Venustech "Hongyan" Research Program (No.2017003)
Abstract: Existing intrusion intention recognition methods do not consider the validity of alert evidence, which reduces the accuracy of intrusion intention recognition. An intrusion intention recognition method based on the Bayesian attack graph is therefore proposed. First, a Bayesian attack graph model is constructed; then, by defining the confidence of alerts and the correlation strength between alerts, isolated alerts with low confidence are removed. Bayesian posterior inference is then performed on the extracted valid alert evidence to dynamically update the probability that each state node in the attack graph has been attacked, identifying both the attack behaviors that have already occurred and the potential attack behaviors in the network. Experimental results show that the method can effectively extract alert evidence and improve the accuracy of network intrusion prediction.
Keywords: intention recognition; Bayesian attack graph; vulnerability exploitation; alert confidence; alert correlation strength
Classification: TP393.8 [Automation and Computer Technology: Computer Application Technology]