An Advanced Persistent Threat Detection Method for SCADA System Communication Networks
Published: 2018-08-04 18:02
[Abstract]: Advanced persistent threats (APT), a new type of attack, have become the main threat to the security of SCADA (supervisory control and data acquisition) systems, and existing intrusion detection techniques cannot deal with this class of attack effectively, so studying an effective APT detection model is of considerable importance. This paper proposes a new APT attack detection method. In the normal-log-behaviour modelling stage, the method improves the representation of behaviour patterns by using multiple characteristic substrings of different lengths to represent a pattern, and builds the normal log behaviour profile from the support of sequential patterns. Taking full account of the temporal characteristics of log events, and in view of the complex and variable nature of APT attack behaviour, it proposes a detection model that combines matrix similarity matching with a decision threshold. In a comparative study, the detection method shows good detection performance.
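As an added illustration (not code from the paper, whose exact pattern representation, similarity measure and threshold rule are not given on this page), the following Python sketch models the pipeline the abstract describes: it builds a normal-behaviour profile from substrings of several lengths taken from tokenised log event sequences, weighting each substring by its support; it then compares a new session to that profile row by row (one row per substring length, compared by cosine similarity, which is the assumed stand-in for the paper's matrix similarity matching) and raises an alert when the averaged similarity falls below a decision threshold calibrated on the training sessions. All event names and sequences are constructed sample data.

```python
"""Added example, not from the paper: a minimal sequence-pattern profile of
normal log behaviour plus a similarity/threshold detector in the spirit of
the abstract. Event names and all sample sequences are constructed."""
from collections import Counter
from math import sqrt

# Substring lengths used to describe behaviour (assumption: the paper's
# actual choice of lengths is not given on the page).
LENGTHS = (1, 2, 3)

# Constructed training data: tokenised event types from normal sessions.
NORMAL_SESSIONS = [
    ["LOGIN", "POLL", "RESP", "ACK", "POLL", "RESP", "ACK", "LOGOUT"],
    ["LOGIN", "POLL", "RESP", "ACK", "WRITE", "ACK", "POLL", "RESP", "ACK", "LOGOUT"],
    ["LOGIN", "POLL", "RESP", "ACK", "POLL", "RESP", "ACK", "POLL", "RESP", "ACK", "LOGOUT"],
    ["LOGIN", "POLL", "RESP", "ACK", "WRITE", "ACK", "LOGOUT"],
]


def substrings(seq, length):
    """All contiguous sub-sequences of the given length, as a set of tuples."""
    return {tuple(seq[i:i + length]) for i in range(len(seq) - length + 1)}


def build_profile(sessions, lengths=LENGTHS, min_support=0.5):
    """Normal behaviour profile: for each length, the patterns whose support
    (fraction of training sessions containing them) reaches min_support.
    Returned as {length: {pattern: support}}, i.e. one row of the profile
    matrix per substring length."""
    profile = {}
    for length in lengths:
        counts = Counter()
        for s in sessions:
            counts.update(substrings(s, length))  # each session counts once
        row = {p: c / len(sessions) for p, c in counts.items()}
        profile[length] = {p: sup for p, sup in row.items() if sup >= min_support}
    return profile


def cosine(a, b):
    """Cosine similarity; 0.0 when either vector is all zeros."""
    dot = sum(x * y for x, y in zip(a, b))
    na, nb = sqrt(sum(x * x for x in a)), sqrt(sum(y * y for y in b))
    return 0.0 if na == 0 or nb == 0 else dot / (na * nb)


def similarity(session, profile):
    """Row-wise cosine similarity between the profile's support vectors and
    the session's presence (0/1) vectors, averaged over substring lengths.
    Patterns never seen in training contribute nothing, which is what drags
    the score down for unfamiliar activity."""
    scores = []
    for length, row in profile.items():
        present = substrings(session, length)
        support_vec = list(row.values())
        presence_vec = [1.0 if p in present else 0.0 for p in row]
        scores.append(cosine(support_vec, presence_vec))
    return sum(scores) / len(scores)


def calibrate_threshold(profile, sessions, margin=0.2):
    """Decision threshold: lowest similarity observed on the normal training
    sessions minus a safety margin (assumption; the paper's rule is not on
    the page). Lower margin = more alerts, higher margin = fewer."""
    return min(similarity(s, profile) for s in sessions) - margin


def is_anomalous(session, profile, threshold):
    """True when the session looks too unlike the normal profile."""
    return similarity(session, profile) < threshold


if __name__ == "__main__":
    prof = build_profile(NORMAL_SESSIONS)
    thr = calibrate_threshold(prof, NORMAL_SESSIONS)
    normal = ["LOGIN", "POLL", "RESP", "ACK", "POLL", "RESP", "ACK", "LOGOUT"]
    # Constructed: a session made of event types the profile has never seen.
    odd = ["LOGIN", "CFG", "FW_UPLOAD", "CFG", "FW_UPLOAD", "LOGOUT"]
    for s in (normal, odd):
        verdict = "ALERT" if is_anomalous(s, prof, thr) else "ok"
        print(f"{similarity(s, prof):.3f} {verdict} {s}")
```

The profile keeps only patterns whose support clears `min_support`, so rare but benign sequences are not learned as normal; the averaged per-length similarity means a session that matches the right single events but in an unfamiliar order (wrong bigrams and trigrams) still scores low, which is the temporal-ordering point the abstract makes.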
[Author affiliations]: Anhui Science and Technology University; Tsinghua Tongfang Co., Ltd.
[Funding]: Natural Science Research Project of Anhui Provincial Universities; Youth Research Project of Anhui Science and Technology University
[Classification code]: TP393.08
Article ID: 2164670
Link: https://www.wllwen.com/guanlilunwen/ydhl/2164670.html