Journal of Zhejiang University (Engineering Science)
Computer Science and Technology
Network defense strategy based on cyber attack behavior prediction
REN Wu-ling1, ZHAO Cui-wen2, JIANG Guo-xin1, David Maimon3, Theodore Wilson3, Bertrand Sobesto3
1. Network Information Center, Zhejiang Gongshang University, Hangzhou 310018, China; 2. College of Computer and Information Engineering, Zhejiang Gongshang University, Hangzhou 310018, China; 3. Clark School of Engineering, University of Maryland, Maryland 20742, US
Abstract:

A network defense strategy based on the prediction of cyber attackers' behavior is proposed in order to prevent cyber attacks effectively. Because intruders' behavior is highly random and uncertain, a network of high-interaction honeypots was deployed to collect attack data, in particular the behavior of attackers after they had successfully compromised the host system. From this attack data an attack state-transition diagram was built. A hidden Markov model (HMM), chosen for its fairly precise likelihood computation, was then used to design a model that predicts the attacker's next behavior. With this prediction model at its core and a commonly used intrusion prevention system (IPS), an active network defense strategy and a corresponding prototype system were developed and deployed in a real network for attack experiments. After training and validation on real data collected over 5 months, the prediction model reached an accuracy of 80%. The results show that the strategy holds up well against network attacks and can be used effectively to prevent them.
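As an added illustration (not code from the paper), the following sketch shows the kind of predictor the abstract describes: a hidden Markov model whose hidden states are attack phases and whose observations are categories of commands captured on a high-interaction honeypot, with the forward algorithm supplying the likelihood the paper relies on and the predicted next phase driving an IPS action. The phase names, command categories, probabilities, threshold and IPS actions are all constructed assumptions, not values from the paper.

```python
# Added example, not code from the paper: a small HMM in the spirit of the
# paper's attack behavior predictor. Hidden states are attack phases, the
# observations are categories of commands captured on a high-interaction
# honeypot. All probabilities below are constructed sample values, standing
# in for the parameters the paper trains from its honeypot data.
PHASES = ["recon", "escalate", "persist", "exfil"]
CMDS = ["ls", "whoami", "sudo", "wget", "crontab", "scp"]
PI = [0.7, 0.1, 0.1, 0.1]                      # initial phase distribution
A = [[0.50, 0.30, 0.10, 0.10],                 # A[i][j] = P(phase j | phase i)
     [0.10, 0.40, 0.40, 0.10],
     [0.10, 0.10, 0.50, 0.30],
     [0.05, 0.05, 0.20, 0.70]]
B = [[0.40, 0.40, 0.05, 0.10, 0.025, 0.025],   # B[i][k] = P(cmd k | phase i)
     [0.10, 0.20, 0.50, 0.10, 0.05, 0.05],
     [0.10, 0.05, 0.10, 0.25, 0.40, 0.10],
     [0.10, 0.05, 0.05, 0.20, 0.10, 0.50]]
# Assumed IPS action for each predicted phase (not from the paper).
ACTIONS = {"recon": "monitor", "escalate": "alert",
           "persist": "isolate_host", "exfil": "block_egress"}

def forward(session):
    """Forward algorithm: P(session) and the phase distribution after its last command."""
    alpha = [PI[i] * B[i][CMDS.index(session[0])] for i in range(4)]
    for cmd in session[1:]:
        k = CMDS.index(cmd)
        alpha = [sum(alpha[i] * A[i][j] for i in range(4)) * B[j][k] for j in range(4)]
    total = sum(alpha)
    return total, [a / total for a in alpha]

def predict_next_phase(session):
    """Most likely next attack phase given the commands observed so far."""
    _, post = forward(session)
    nxt = [sum(post[i] * A[i][j] for i in range(4)) for j in range(4)]
    j = max(range(4), key=nxt.__getitem__)
    return PHASES[j], nxt[j]

def respond(session, threshold=0.4):
    """Defense decision: act on the predicted phase only above the confidence threshold."""
    phase, p = predict_next_phase(session)
    return ACTIONS[phase] if p >= threshold else "monitor"

if __name__ == "__main__":
    session = ["whoami", "sudo", "crontab"]      # constructed honeypot session
    print(forward(session)[0], predict_next_phase(session), respond(session))
```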

Published: 2014-12-01
Classification code: TP 393
Funding:

National Key Technology R&D Program of China (2013BAF02B10); Zhejiang Provincial International Science and Technology Cooperation Project (2013C24014); Zhejiang Provincial Innovation Team Project (2011R50004)

About the author: REN Wu-ling (born 1964), male, professor, engaged in teaching and research on computer networks, e-commerce and modern integrated manufacturing. E-mail: rwl@zjgsu.edu.cn

Cite this article:

REN Wu-ling, ZHAO Cui-wen, JIANG Guo-xin, David Maimon, Theodore Wilson, Bertrand Sobesto. Network defense strategy based on cyber attack behavior prediction. Journal of Zhejiang University (Engineering Science), doi: 10.3785/j.issn.1008-973X.2014.12.007.

Link to this article:

http://www.zjujournals.com/eng/CN/10.3785/j.issn.1008-973X.2014.12.007
http://www.zjujournals.com/eng/CN/Y2014/V48/I12/2144
