| 基于主机攻击图的攻击识别 |
| |
| 引用本文: | 钱权,朱伟,赖岩岩,张瑞.基于主机攻击图的攻击识别[J].上海大学学报(自然科学版),2013,19(3):271-279. |
| |
| 作者姓名: | 钱权 朱伟 赖岩岩 张瑞 |
| |
| 作者单位: | 1. 上海大学 计算机工程与科学学院, 上海 200072; 2. 中国科学院 信息安全国家重点实验室, 北京 100190 |
| |
| 基金项目: | 上海市重点学科建设资助项目(J50103) |
| |
| 摘 要: | 研究了一种基于主机攻击图的网络攻击识别方法, 其核心是定义一种SAGML 语言, 并利用该语言中的状态、行为和关系来描述攻击. 详细讨论了攻击图的状态结构和行为链结构, 以及基于XML 语言的攻击图构建和解析过程. 此外, 为了提高攻击图的匹配效率, 研究了攻击图的索引建立和匹配过程. 最后, 结合SYNFlood 和Peacomm 攻击示例, 介绍了该方法的应用过程.
|
| 关 键 词: | 攻击图 攻击图匹配 攻击图索引 |
| 收稿时间: | 2012-11-05 |
Host-Based Attack Graph for Attack Recognition |
| |
| QIAN Quan,ZHU Wei,LAI Yan-yan,ZHANG Rui.Host-Based Attack Graph for Attack Recognition[J].Journal of Shanghai University(Natural Science),2013,19(3):271-279. |
| |
| Authors: | QIAN Quan ZHU Wei LAI Yan-yan ZHANG Rui |
| |
| Affiliation: | 1. School of Computer Engineering and Science, Shanghai University, Shanghai 200072, China; 2. State Key Laboratory of Information Security, Chinese Academy of Sciences, Beijing 100190, China |
| |
| Abstract: | This paper establishes a system of network attack recognition based on attack graph by defining a SAGML language, which uses three elements: state, behavior and relationship to describe an attack. State and behavior chain structure of the attack graph, and the construction and analysis of attack graph based on XML are discussed in detail. To improve efficiency of attack graph retrieval, the attack graph indexing and matching strategy are studied. Two typical attacks, SYNFlood and Peacomm, are used to show applications of the proposed method. |
| |
| Keywords: | attack graph attack graph indexing attack graph matching |
| 本文献已被 CNKI 等数据库收录! |
| 点击此处可从《上海大学学报(自然科学版)》浏览原始摘要信息 |
|
点击此处可从《上海大学学报(自然科学版)》下载全文 |
|
