面向入侵意图的复合攻击检测和预测算法.pdfVIP

1000-9825/2005/16(12)2132 ©2005 Journal of Software 软 件 学 报 Vol.16, No.12 ∗ 基于入侵意图的复合攻击检测和预测算法 + 鲍旭华 , 戴英侠, 冯萍慧, 朱鹏飞, 魏 军 (信息安全国家重点实验室( 中国科学院 研究生院),北京 100049) A Detection and Forecast Algorithm for Multi-Step Attack Based on Intrusion Intention + BAO Xu-Hua , DAI Ying-Xia, FENG Ping-Hui, ZHU Peng-Fei, WEI Jun (State Key Laboratory of Information Security (Graduate School, The Chinese Academy of Sciences), Beijing 100049, China) + Corresponding author: Phn: +86-10 E-mail: xuhua_bao@, Received 2004-06-11; Accepted 2005-06-02 Bao XH, Dai YX, Feng PH, Zhu PF, Wei J. A detection and forecast algorithm for multi-step attack based on intrusion intention. Journal of Software, 2005,16(12):2132−2138. DOI: 10.1360/jos162132 Abstract: The multi-step attack is one of the primary forms of the current intrusions. How to detect these attacks is an important aspect of IDS research. The correlation research to intrusion detection performs mainly on the following aspects: (1) reducing the false positives and false negatives; (2) detecting unknown attacks; (3) attack forecasting. Especially the development of the third point perhaps improves the passive detection to the active protection. Through the study on patterns of the multi-step attack, a detection and forecast algorithm is designed for multi-step attack based on intrusion intention. In this algorithm, an extended directed graph is used to show attack types and their relations, while the correlation is performed according to the method of backwards matching and absent matching. Based on the weighted summation of correlation attack ’s chain and the branch’s wei