网络与信息安全学报 ›› 2016, Vol. 2 ›› Issue (6): 54-57.doi: 10.11959/j.issn.2096-109x.2016.00058

• 学术论文 • 上一篇    下一篇

基于内网行为分析的未知攻击检测模型

俞艺涵(),付钰,吴晓平   

  1. 海军工程大学信息安全系,湖北 武汉 430033
  • 修回日期:2016-04-17 出版日期:2016-06-15 发布日期:2020-03-26
  • 作者简介:俞艺涵(1992-),男,浙江金华人,海军工程大学硕士生,主要研究方向为信息系统安全。|付钰(1982-),女,湖北武汉人,博士,海军工程大学副教授,主要研究方向为信息安全风险评估。|吴晓平(1961-),男,山西新绛人,博士,海军工程大学教授,主要研究方向为系统分析与决策。
  • 基金资助:
    国家自然科学基金资助项目(61100042);湖北省自然科学基金资助项目(2015CFC867);信息保障技术国防重点实验室基金资助项目(KJ-13-111)

Unknown attack detection model based on network behavior analysis

Yi-han YU(),Yu FU,Xiao-ping WU   

  1. Department of Information Security,Naval University of Engineering,Wuhan 430033,China
  • Revised:2016-04-17 Online:2016-06-15 Published:2020-03-26
  • Supported by:
    The National Natural Science Foundation of China(61100042);The Natural Science Foundation of Hubei Province(2015CFC867);The National Defense Key Laboratory of Information Security Technology(KJ-13-111)

摘要:

日益增多的未知攻击手段对内网造成安全威胁,提出了一种基于内网行为分析的未知攻击手段检测模型。借助对内网信息资源充分可知的优势,首先,收集内网信息资源资料;然后,分析内网信息节点的行为异常风险要素;最后,以信息节点与信息资源获取路径为要素构建检测有向图模型。通过验证,该模型可以达到预期的检测效果。

关键词: 内网行为, 未知攻击, 有向图, 检测模型

Abstract:

As for the intranet security threats of the increasing number of unknown attacks,an unknown attack detection model based on network behavior analysis was proposed.With the help of the information resources within the intranet,firstly,the information resources of the intranet were collected,then the risk factors of abnormal behav-ior of the internet information node were analyzed,finally,the information node and the information resources ac-quisition path as the key element were used to construct the detection model of the directed graph.By verifying,the model can achieve the desired detection results.

Key words: intranet behavior, unknown attacks, directed graph, detection model

中图分类号: 

No Suggested Reading articles found!