多操作系统拓扑网络潜在多步攻击实时检测  

Real-Time Detection of Potential Multi-Step Attacks on Multi-Operating System Topology Networks

在线阅读下载全文

作  者:肖堃 金宙贤 XIAO Kun;JIN Zhou-xian(School of Information and Software Engineering,University of Electronic Science and Technology of China,Chengdu Sichuan 610054,China;School of Computer Science and Engineering,University of Electronic Science and Technology of China,Chengdu Sichuan 611731,China)

机构地区:[1]电子科技大学信息与软件工程学院,四川成都610054 [2]电子科技大学计算机科学与工程学院,四川成都611731

出  处:《计算机仿真》2020年第12期455-459,共5页Computer Simulation

基  金:国家电网公司总部科技项目(546816190004)。

摘  要:传统的攻击检测方法难适应网络攻击的动态变化,导致网络安全性能下降。对此,针对多操作系统拓扑网络设计了一种潜在多步攻击实时检测方法。首先,结合多操作系统拓扑网络建立威胁发生概率模型,并计算目标网络中各个对象的安全风险指数。然后对多步攻击实施分层分类,并分析网络攻击的相关性。在构建多步攻击识别模块的基础上,对多步攻击实时检测。这一过程中,利用攻击图实施报警关联,并运用逻辑攻击图生成器与攻击流量拓扑图生成器实施准确匹配,从而快速挖掘攻击路径,更新最大可能的攻击路径。实验结果表明:与传统方法相比,新的检测方法具有较强的实时性和应用性能。Traditionally,the attack detection methods are difficult to match with the dynamic changes of network attacks,leading to the destruction of network security performance.Therefore,a real-time detection method of po-tential multi-step attack is designed.First of all,combining with multi operating system topology network,the prob-ability model of threat occurrence was established,and the security risk index of each object in the target network was calculated.Secondly,the multi-step attacks were classified into layers,and the network attack correlation was ana-lyzed.In the construction of multi-step attack identification module,it is necessary to detect multi-step attack in real time.During this process,the alarm association was implemented through attack graph,and the logic attack graph generator and attack traffic topology graph generator were used to implement accurate matching.Finally,the at-tack path was quickly mined and updated as much as possible.The results show that the novel detection method has excellent real-time performance and applicability.

关 键 词:多操作系统 拓扑网络 发生概率模型 多步攻击 攻击路径 

分 类 号:TP392[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象