Research and Simulation of Attack Path Marking Technology after Network Intrusion
Published: 2019-07-06 13:16
[Abstract]: Marking the intrusion path after a network attack is key to defending effectively against later attacks. After a network has been intruded upon, attack paths and legitimate paths are interleaved, and the normal information propagation paths are disrupted. Traditional attack path mining methods are mainly preventive, and the problem of marking the attack path after an attack has received little study. The main difficulty is that, given the random nature of attacks, these methods cannot distinguish active attacks from passive attacks and therefore cannot accurately identify the network intrusion path. This paper proposes an IPPID-based multi-stage method for identifying network intrusion attack paths. The method marks the intrusion path according to a database of historical routing IP addresses and Pi values, obtains the complete path, inserts marks dynamically, and makes maximum use of the space in the marking field to mark paths dynamically, so that the path marking method adapts dynamically to different network data characteristics. Through a learning process, the victim host judges whether a marked packet is a legitimate packet or an attack packet. The experimental results show that the method outperforms other methods in convergence time and false alarm rate. Compared with other path identification schemes, the acceptance rate difference is increased by 15%-20%, which significantly improves the accuracy of network attack path marking.
Article ID: 2511038
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2511038.html