
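Cluster-Aware Mining of Stealth Attack Behavior in Network Protocols

Published: 2018-04-27 11:48

Topics: protocol reverse analysis + stealth attack behavior; Reference: Journal on Communications (《通信学报》), 2017, Issue 06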


[Abstract]: Stealth attack behavior hidden deep inside network protocols is increasingly becoming a new challenge for network security. To address the shortcomings of existing protocol reverse analysis methods in analyzing protocol behavior, and especially in mining stealth attack behavior, a novel instruction clustering perception mining method is proposed. The behavior instruction sequences of a protocol are extracted, an instruction clustering algorithm is applied to cluster all of the behavior instruction sequences, and, based on the computed behavior distances, stealth attack behavior instruction sequences are mined quickly and accurately from a large number of unknown protocol programs. Combining dynamic taint analysis with instruction clustering analysis, 1297 protocol samples were analyzed on the self-developed virtual analysis platform Hidden Disc, and 193 stealth attack behaviors were successfully mined; the results of automatic analysis and manual analysis were completely consistent. The experimental results show that the scheme is ideal in both efficiency and accuracy for the perception mining of protocol stealth attack behavior.

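[Affiliations]: Key Laboratory of Network and Information Security of the Armed Police Force, Engineering University of the Armed Police Force; State Key Laboratory of Integrated Services Networks, Xidian University
[Funding]: Supported by the National Natural Science Foundation of China (No. 61373170, No. 61402530, No. 61309022, No. 61309008)
[Classification]: TP311.13; TP393.08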


Article ID: 1810616


Article link: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/1810616.html

