Reconstruction of Cloud Platform Attack Scenario Based on Causal Knowledge and Temporal-Spatial Correlation (cited by: 4)


Authors: 王文娟 杜学绘 任志宇 单棣斌 WANG Wen-juan; DU Xue-hui; REN Zhi-yu; SHAN Di-bin (PLA Strategic Support Force Information Engineering University, Zhengzhou 450001, China)

Affiliation: [1] PLA Strategic Support Force Information Engineering University, Zhengzhou 450001, China

Source: Computer Science (《计算机科学》), 2021, No. 2, pp. 317-323 (7 pages)

Funding: National Natural Science Foundation of China (61802436); National Key R&D Program of China (2016YFB050190104).

Abstract: Attack behaviour in cloud computing environments increasingly exhibits strong concealment and complex, multi-step attack paths; that is, a complete attack reaches its final objective only by executing several distinct attack steps. Existing intrusion detection systems, however, usually lack the necessary correlation capability: they can detect only single-step attacks or attack fragments, so they struggle to discover and identify multi-step attack patterns and cannot reconstruct the attacker's complete penetration process. To address this problem, this paper proposes an attack scenario reconstruction technique based on causal knowledge and temporal-spatial correlation. First, a Bayesian network is used to model causal knowledge: causally related attack patterns are mined from alert sequences that share IP address correlation, providing the templates on which the subsequent correlation analysis relies. Then, with the help of the causal knowledge network, alerts are correlated along the causal, temporal and spatial dimensions to discover latent hidden relationships and reconstruct high-level attack scenarios, providing a basis and reference for building a cloud environment that can be supervised and held accountable.
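The pipeline the abstract describes (a causal knowledge network used as a template, then alert correlation along the causal, temporal and spatial dimensions) can be illustrated with a small alert correlator. The code below is an added example written for this page; it is not the paper's implementation. The causal edge table with its conditional probabilities (standing in for the paper's Bayesian network), the 0.5 probability threshold, the 30-minute time window, the IP-relation rule and the sample alerts are all constructed assumptions.

```python
"""Toy multi-step alert correlator illustrating causal + temporal + spatial linking.
Added example for this page; the paper's own method and parameters may differ."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    aid: int          # alert id
    ts: datetime      # detection time
    src: str          # source IP
    dst: str          # destination IP
    kind: str         # alert type reported by the IDS

# Causal knowledge network (assumed): directed edges "earlier step -> later step"
# with a constructed conditional probability standing in for a Bayesian-network
# CPT entry. In the paper these patterns are mined from IP-correlated alerts.
CAUSAL_EDGES = {
    ("port_scan", "brute_force"): 0.8,
    ("brute_force", "login_success"): 0.7,
    ("login_success", "privilege_escalation"): 0.6,
    ("privilege_escalation", "data_exfil"): 0.9,
    ("login_success", "lateral_login"): 0.5,
}
PROB_THRESHOLD = 0.5            # assumed minimum causal strength
WINDOW = timedelta(minutes=30)  # assumed temporal correlation window


def spatially_related(earlier, later):
    """Spatial dimension: same attacker->victim pair, or the earlier victim
    becomes the new source (lateral movement)."""
    same_pair = earlier.src == later.src and earlier.dst == later.dst
    return same_pair or earlier.dst == later.src


def correlate(alerts):
    """Map each alert id to the id of its best causal predecessor, if any.
    A predecessor must satisfy all three dimensions: a causal edge above the
    threshold, arrival inside the time window, and an IP relation."""
    ordered = sorted(alerts, key=lambda a: a.ts)
    links = {}
    for i, cur in enumerate(ordered):
        best = None
        for prev in ordered[:i]:
            p = CAUSAL_EDGES.get((prev.kind, cur.kind), 0.0)
            if p < PROB_THRESHOLD or cur.ts - prev.ts > WINDOW:
                continue
            if not spatially_related(prev, cur):
                continue
            if best is None or p > best[1]:
                best = (prev.aid, p)
        if best is not None:
            links[cur.aid] = best[0]
    return links


def reconstruct(alerts):
    """Group linked alerts into attack scenarios (time-ordered alert id chains).
    Unlinked single alerts are treated as noise and dropped."""
    links = correlate(alerts)

    def root(aid):
        while aid in links:      # links always point backwards in time, no cycles
            aid = links[aid]
        return aid

    scenarios = {}
    for a in sorted(alerts, key=lambda a: a.ts):
        scenarios.setdefault(root(a.aid), []).append(a.aid)
    return [chain for chain in scenarios.values() if len(chain) > 1]


# Constructed sample alerts: one real multi-step intrusion plus two unrelated alerts.
_T0 = datetime(2021, 1, 1, 12, 0)
SAMPLE_ALERTS = [
    Alert(1, _T0, "10.0.0.5", "10.0.1.10", "port_scan"),
    Alert(2, _T0 + timedelta(minutes=5), "10.0.0.5", "10.0.1.10", "brute_force"),
    Alert(3, _T0 + timedelta(minutes=12), "10.0.0.5", "10.0.1.10", "login_success"),
    Alert(4, _T0 + timedelta(minutes=20), "10.0.1.10", "10.0.1.20", "lateral_login"),
    Alert(5, _T0 + timedelta(minutes=25), "10.0.0.5", "10.0.1.10", "privilege_escalation"),
    Alert(6, _T0 + timedelta(minutes=40), "10.0.0.5", "10.0.1.10", "data_exfil"),
    # different source, no IP relation to the scan above -> stays unlinked
    Alert(7, _T0 + timedelta(minutes=3), "10.0.9.9", "10.0.1.10", "brute_force"),
    # causally plausible but 65 minutes after the escalation -> outside the window
    Alert(8, _T0 + timedelta(minutes=90), "10.0.0.5", "10.0.1.10", "data_exfil"),
]

if __name__ == "__main__":
    for chain in reconstruct(SAMPLE_ALERTS):
        print(" -> ".join(f"{a}:{next(x.kind for x in SAMPLE_ALERTS if x.aid == a)}" for a in chain))
```

Running the block reconstructs a single scenario, port_scan through data_exfil including the lateral login onto 10.0.1.20, while alerts 7 and 8 are left unlinked because they fail the spatial and temporal checks respectively. Replacing the hand-written `CAUSAL_EDGES` table with probabilities learned from IP-correlated alert sequences is the step the abstract attributes to its Bayesian-network modelling.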

Keywords: cloud computing; attack scenario; alert correlation; causal knowledge network; temporal-spatial correlation

Classification: TP309 [Automation and Computer Technology: Computer System Architecture]
