| 基于攻击者能力状态的入侵建模方法 |
| |
| 引用本文: | 王良民,马建峰.基于攻击者能力状态的入侵建模方法[J].系统工程与电子技术,2006,28(5):753-760. |
| |
| 作者姓名: | 王良民 马建峰 |
| |
| 作者单位: | 西安电子科技大学计算机网络与信息安全教育部重点实验室,陕西,西安710071 |
| |
| 基金项目: | 国家自然科学基金重大研究计划(9020401),国家自然基金项目(60573035,60573036)资助课题 |
| |
| 摘 要: | 为解决反应式容忍入侵系统中入侵模型的构建问题,提出了一个基于攻击者能力的入侵模型及相应的模型构建与描述算法。该模型以攻击者对系统操控能力的状态转移过程来描述入侵,首先在警报关联过程中发现入侵者的攻击逻辑并据此构建元攻击模型,然后将元攻击模型转化为一种简单的覆盖形式,并证明了元攻击、覆盖与攻击模型三者之间的一一对应关系,从理论上获得了该入侵模型的存在性与唯一性证明,提出了自动描述该模型的TIBC算法。最后,在警报关联系统中测试了该入侵模型及其构建与描述算法,获得了较高的识别率与较低的虚警率。
|
| 关 键 词: | 通信与信息系统 入侵模型 警报关联 容忍入侵 |
| 文章编号: | 1001-506X(2006)05-0753-08 |
| 修稿时间: | 2005年6月12日 |
Modeling the intrusion based on the capability of attacker |
| |
| WANG Liang-min,MA Jian-feng.Modeling the intrusion based on the capability of attacker[J].System Engineering and Electronics,2006,28(5):753-760. |
| |
| Authors: | WANG Liang-min MA Jian-feng |
| |
| Abstract: | Modeling the intrusion is an open problem in intrusion tolerance system.A model of state transition and its constructing algorithm are presented.The model is focused on the influence of the intrusion upon the system and describes the intrusion as the state transition process of the attackers' capability.The constructing algorithm correlates the intrusion detection alerts into meta-attack,and defines cover as the reduction of meta-attack.Then the method of transforming the cover of meta-attack to intrusion model is proposed and the proofs of the equivalence among intrusion model,meta-attack and its cover are given.An algorithm for describing the intrusion model adaptively is presented,in which the manual work is not employed like the existing methods.In the end,both the intrusion model and the algorithms for constructing and describing this model show their good performances in the correlation experiment. |
| |
| Keywords: | communication and information system intrusion model alert correlation intrusion tolerance |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
