Analysis of attack scenario reconstruction methods based on multi-IDS systems (基于多IDS系统的攻击场景重建方法的分析)

Published 2018-05-18 (Shanghai)


Abstract

A persistent problem for network analysts is the volume of redundant alert data generated by IDS. The objective of our system SATA (Security Alert Threat Analysis) is to address this problem. Several methods that apply data mining to attack scenario reconstruction have been proposed to predict the next stage of an attack by recognizing the attacker's high-level strategy. The main idea of this paper is a novel approach to mining "complicated" attack scenarios in multi-agent systems that does not require explicit attack specifications or precisely defined rules. We propose SAMP, an improved variant of the PrefixSpan sequential pattern mining algorithm, to mine frequent attack behavior sequences and construct attack scenarios. We also propose CAST, which constructs an attack scenario tree for efficiently relating new attacks to historical attack scenarios. Definitions of cor-correlativity and pre-correlativity among three elements of frequent attack sequences are given for correlating attack behaviors and identifying potential attack intentions. We validate the method with a series of experiments on a real attack environment on CERNET. The results show that our approach is effective for multi-agent attack scenario construction and correlation analysis.

Keywords: frequent attack sequence, attack scenario reconstruction, intrusion detection, data mining, correlation analysis

Contents

Abstract (Chinese)
Abstract
1 Introduction
1.1 Research background
1.2 The necessity of research on network security correlation analysis
1.3 Domestic and international research status ...
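The following is an added example and not code from the thesis or from its SATA, SAMP or CAST implementation. It shows the pipeline the abstract describes in its simplest form: plain PrefixSpan (the thesis's SAMP is described only as an improved variant, and its modifications are not on this page) mines frequent attack sequences from alert-type sequences, a prefix tree over those sequences stands in for the scenario tree, and a lookup correlates a newly observed alert sequence with the historical scenarios and ranks the likely next stage by support. All alert names, sequences and the `min_support` threshold are constructed for illustration; the cor-/pre-correlativity definitions of the thesis are not modeled.

```python
from collections import defaultdict

# Constructed sample input (not data from the thesis or CERNET): each entry is the
# time-ordered list of alert types raised for one attacker source, after merging
# the alerts of several IDS sensors. Alert names are invented for illustration.
ALERT_SEQUENCES = [
    ["PortScan", "SSH_BruteForce", "SSH_Login", "PrivEsc", "DataExfil"],
    ["PortScan", "SSH_BruteForce", "SSH_Login", "PrivEsc"],
    ["PortScan", "WebScan", "SQLi", "DataExfil"],
    ["PortScan", "SSH_BruteForce", "SSH_Login", "DataExfil"],
    ["WebScan", "SQLi", "PrivEsc", "DataExfil"],
    ["PortScan", "WebScan", "SQLi"],
]


def prefixspan(sequences, min_support):
    """Mine every sequential pattern (tuple of alert types, in order, gaps allowed)
    that occurs in at least min_support sequences. Plain PrefixSpan with one
    event per step, i.e. no itemsets. Returns {pattern: support}."""
    patterns = {}

    def project(db, item):
        # Suffix of each sequence after the first occurrence of item; sequences
        # without item drop out of the projected database. Leftmost matching is
        # enough because any subsequence match can be shifted to earliest positions.
        projected = []
        for seq in db:
            if item in seq:
                projected.append(seq[seq.index(item) + 1:])
        return projected

    def mine(prefix, db):
        # Support of prefix + (item,) is the number of projected sequences that
        # contain item, each sequence counted once.
        support = defaultdict(int)
        for seq in db:
            for item in set(seq):
                support[item] += 1
        for item, count in sorted(support.items()):
            if count >= min_support:
                pattern = prefix + (item,)
                patterns[pattern] = count
                mine(pattern, project(db, item))  # grow the pattern depth-first

    mine((), sequences)
    return patterns


def build_scenario_tree(patterns):
    """Prefix tree over the frequent sequences: each path from the root is a
    frequent attack sequence and each node carries that sequence's support.
    Every prefix of a frequent sequence is itself frequent, so every node on a
    path is eventually assigned its own support by some pattern in the input."""
    root = {"support": None, "children": {}}
    for pattern, support in patterns.items():
        node = root
        for step in pattern:
            node = node["children"].setdefault(step, {"support": 0, "children": {}})
        node["support"] = support
    return root


def predict_next(tree, observed):
    """Correlate a newly observed alert sequence with the historical scenarios:
    walk the tree along the observed alerts, skipping alerts that do not continue
    any known scenario (treated as noise from an unrelated sensor), and return the
    candidate next stages with their support. Empty dict if nothing matched."""
    node, matched = tree, 0
    for step in observed:
        child = node["children"].get(step)
        if child is None:
            continue  # unrelated alert in between: ignore it
        node, matched = child, matched + 1
    if matched == 0:
        return {}
    return {step: child["support"] for step, child in node["children"].items()}


if __name__ == "__main__":
    frequent = prefixspan(ALERT_SEQUENCES, min_support=3)
    for pattern, support in sorted(frequent.items(), key=lambda kv: (-len(kv[0]), kv[0])):
        print(support, " -> ".join(pattern))
    tree = build_scenario_tree(frequent)
    print(predict_next(tree, ["PortScan", "SSH_BruteForce"]))
```

With `min_support=3` the constructed data yields 13 frequent sequences, the longest being PortScan -> SSH_BruteForce -> SSH_Login; after observing PortScan and SSH_BruteForce from one source, the tree predicts SSH_Login as the next stage. In practice the threshold and the grouping of alerts into per-attacker sequences dominate the quality of the result: too low a threshold mines coincidental orderings, too high misses rare multi-stage intrusions.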
