| 基于攻击链和网络流量检测的威胁情报分析研究 |
| |
| 引用本文: | 钟友兵.基于攻击链和网络流量检测的威胁情报分析研究[J].计算机应用研究,2017,34(6). |
| |
| 作者姓名: | 钟友兵 |
| |
| 作者单位: | 中国民航大学 |
| |
| 基金项目: | 民航局科技项目(MHRD20140205、MHRD20150233);民航局安全能力建设资金项目(PDSA0008);中央高校基本科研业务费中国民航大学专项(3122013Z008、3122013C004、3122015D025) |
| |
| 摘 要: | 以特征检测为主的传统安全产品越来越难以有效检测新型威胁,针对现有方法检测威胁攻击的不足,进行了一种基于攻击链结合网络异常流量检测的威胁情报分析方法研究,通过对获取的威胁信息进行分析,将提取出的情报以机器可读的格式实现共享,达到协同防御。该方法首先对网络中的异常流量进行检测,分析流量特征及其之间的关系,以熵值序列链的形式参比网络攻击链的模式;对每个异常时间点分类统计特征项,进行支持度计数,挖掘特征之间频繁项集模式,再结合攻击链各阶段的特点,还原攻击过程。仿真结果表明,该方法可以有效的检测网络中的异常流量,提取威胁情报指标。
|
| 关 键 词: | 威胁情报分析 攻击链 频繁模式挖掘 |
| 收稿时间: | 2016/5/9 0:00:00 |
| 修稿时间: | 2016/6/29 0:00:00 |
Threat intelligence analysis research based on kill chain and network traffic detection |
| |
| Affiliation: | Civil Aviation University of China |
| |
| Abstract: | Against these new threats, mainly feature detection of traditional security products is more and more difficult to do. Aiming at the shortcomings of the existing method to detect threats attack, we proceed a kind of based on the combination of network anomaly traffic detection with attack chain threat intelligence analysis method study, Through the analysis of the threat information, we can shared the intelligence in machine-readable format and achieve collaborative defense. First, this method detect the network anomaly traffic and analyze the relationship of characters; Through the statistics of each feature support count, mining frequent item sets mode among characteristics, combing the character of each stage of kill-chain, restoring the process of attack. Simulation results show that the method can effectively detect abnormal traffic within the network and extract the threat intelligence indicators. |
| |
| Keywords: | threat Intelligence analysis kill chain frequent pattern mining |
|
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
