面向WLAN的分布式无线多步攻击模式挖掘方法研究

doi:10.3969／j.issn.1000-0801.2013.11.007

电信科学 ›› 2013, Vol. 29 ›› Issue (11): 38-44.doi: 10.3969／j.issn.1000-0801.2013.11.007

面向WLAN的分布式无线多步攻击模式挖掘方法研究

陈观林^1,²,王泽兵¹,张泳¹

¹ 浙江大学城市学院计算机与计算科学学院杭州310015
² 浙江大学计算机学院杭州310027

出版日期:2013-11-20 发布日期:2017-07-04
基金资助:
浙江省自然科学基金资助项目;浙江省本科院校中青年学科带头人学术攀登基金资助项目

Research on Distributed Wireless Multi-Step Attack Pattern Mining Method for WLAN

Guanlin Chen^1,²,Zebing Wang¹,Yong Zhang¹

¹ School of Computer and Computing Science, Zhejiang University City College, Hangzhou 310015, China
² College of Computer Science, Zhejiang University, Hangzhou 310027, China

Online:2013-11-20 Published:2017-07-04

摘要/Abstract

摘要：

入侵检测和防御技术作为网络安全防护的重要手段，在传统有线网络环境中已有较为成熟的应用。但由于无线网络的特殊性，仍很少看到WLAN领域无线多步攻击规划识别的研究。提出了一种融合IEEE 802.11协议帧主要属性进行关联分析的分布式无线多步攻击模式挖掘（DWMAPM）方法。该方法包括构造全局攻击库、建立候选攻击链、筛选候选攻击链、关联多步攻击行为和识别多步攻击模式5个步骤。实验结果表明，DWMAPM方法能够适用于WLAN的真实攻击场景，有效挖掘出多种常见的无线多步攻击模式，可以为多步攻击意图预先识别提供基础。

关键词: 多步攻击模式, 无线局域网, 规划识别, 关联分析, 网络安全

Abstract:

As the important means of network security, intrusion detection and prevention technology have seen some preliminary applications in the traditional wired network environment. Due to the distinctive characteristics of wireless network, the applications of multi-stage attack plan recognition for WLAN are rarely seen in spite of the promising potential. A distributed wireless multi-step attack pattern mining（DWMAPM）method based on correlation analysis with the IEEE 802.11 protocol frame attributes was proposed. The method consists of five steps:constructing a global attack database, building candidate attack chains, filtering candidate attack chains, correlating multi-step attack behaviors and recognizing multi-step attack patterns. Experimental results show that DWMAPM is effective for recognizing a variety of typical attack patterns in real WLAN attack scenarios, and can provide a basis for forecasting the final attack plans.

Key words: multi-step attack pattern, WLAN, plan recognition, correlation analysis, network security

陈观林,王泽兵,张泳. 面向WLAN的分布式无线多步攻击模式挖掘方法研究[J]. 电信科学, 2013, 29(11): 38-44.

Guanlin Chen,Zebing Wang,Yong Zhang. Research on Distributed Wireless Multi-Step Attack Pattern Mining Method for WLAN[J]. Telecommunications Science, 2013, 29(11): 38-44.

图/表 5

图1

表1

表2

图2

图3

参考文献 12

1	中国互联网络信息中心（CNNIC）．第32次中国互联网络发展状况统计报告． , 2013
2	Percoco N J . Trustwave 2012 Global Security Report. Chicago:Trustware SpiderLabs, 2012
3	陈观林，冯雁，王泽兵．分布式无线入侵防御系统预先决策引擎研究．电信科学， 2010,26（10）:80～86
4	Geib C W , Goldman R P . Plan recognition in intrusion detection systems. Proceedings of DARPA Information Survivability Conference and Exposition（DISCEX IIˊ01）, Anaheim,USA, 2001
5	Geib C W , Goldman R P . Probabilistic plan recognition for hostile agents. Proceedings of the Fourteenth International Florida Artificial Intelligence Research Society Conference （FLAIRS 2001）, Key West, USA, 2001
6	Sheyner O , Haines J , Jha S , et al. Automated generation and analysis of attack graphs. Proceedings of the 2002 IEEE Symposium on Security and Privacy（SP'02）, Oakland, USA, 2002
7	Ning P , Cui Y , Reeves D S . Constructing attack scenarios through correlation of intrusion alerts. Proceedings of the 9th ACM Conference on Computer and Communications Security （CCS'02）, Washington, DC, USA, 2002
8	Ning P , Cui Y , Reeves D S , et al. Techniques and tools for analyzing intrusion alerts. ACM Transactions on Information and System Security, 2004,7（2）: 274～318
9	Cuppens F , Miège A . Alert correlation in a cooperative intrusion detection framework. Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California, USA, 2002
10	Hellerstein J L , Ma S , Perng C S . Discovering actionable patterns in event data. IBM Systems Journal, 2002,41（3）: 475～493
11	Qin X Z , Lee W K . Attack plan recognition and prediction using causal networks. Proceedings of the 20th Annual Computer Security Applications Conference（ACSAC 2004）, Tucson, USA, 2004
12	Wang L , Ghorbani A , Li Y . Automatic multi-step attack pattern discovering. International Journal of Network Security, 2010,10（2）: 142～152

wa_i			wa_j
wa_i	srcMAC	dstMAC	srcIP	dstIP	dstVendor
srcMAC	0.1	0	0	0	0
dstMAC	0.1	0.25	0	0	0
srcIP	0	0	0.1	0	0
dstIP	0	0	0.1	0.15	0
dstVendor	0	0.1	0	0.1	0

AP	候选攻击链数	伪攻击链数	多步攻击模式数	挖掘率
AP₁	21763	627	11	1.75%
AP₂	19397	502	8	1.59%

[1]	周胜利, 蒋可怡, 徐博, 徐睿, 张熙康, 赵泉喆, 徐阳东. 面向电信网络诈骗治理的网络安全课程构建效能评估研究[J]. 电信科学, 2023, 39(6): 122-128.
[2]	张乐, 马洪源. 运营商网络边缘云安全实践[J]. 电信科学, 2023, 39(4): 165-172.
[3]	陈伟雄, 杨晓晨, 春增军, 李若兰, 张华. 电力企业网络安全威胁情报管理体系的研究与实践[J]. 电信科学, 2022, 38(7): 184-189.
[4]	刘亚天, 呼博文, 陈茂飞, 刘东鑫. 5GC安全态势感知系统研究[J]. 电信科学, 2022, 38(11): 73-85.
[5]	顾玥, 李丹, 高凯辉. 基于机器学习和深度学习的网络流量分类研究[J]. 电信科学, 2021, 37(3): 105-113.
[6]	高明,罗锦,周慧颖,焦海,应丽莉. 一种基于拟态防御的差异化反馈调度判决算法[J]. 电信科学, 2020, 36(5): 73-82.
[7]	李玉峰,陆肖元,曹晨红,李江涛,朱泓艺,孟楠. 智能网联汽车网络安全浅析[J]. 电信科学, 2020, 36(4): 36-45.
[8]	杨志强,粟栗,齐旻鹏,杨波. 5G安全技术与标准[J]. 电信科学, 2020, 36(12): 1-19.
[9]	何国锋. 零信任架构在5G云网中应用防护的研究[J]. 电信科学, 2020, 36(12): 123-132.
[10]	谢萍,刘孝颂. 基于区块链的SDN物联网部署安全[J]. 电信科学, 2020, 36(12): 139-146.
[11]	肖芫莹,游耀东,向黎希. 代码审计系统的误报率成因和优化[J]. 电信科学, 2020, 36(12): 155-162.
[12]	余航,王帅,金华敏. 基于RASP的Web安全检测方法[J]. 电信科学, 2020, 36(11): 113-120.
[13]	王俊文. 未来工业互联网发展的技术需求[J]. 电信科学, 2019, 35(8): 26-38.
[14]	李聪, 雷波, 解冲锋, 李云鹤. 基于区块链技术的可信网络[J]. 电信科学, 2019, 35(10): 60-68.
[15]	王健全,马彰超,李新中,孙雷,胡昌玮. 量子保密通信网络架构及移动化应用方案[J]. 电信科学, 2018, 34(9): 10-19.

面向WLAN的分布式无线多步攻击模式挖掘方法研究

Research on Distributed Wireless Multi-Step Attack Pattern Mining Method for WLAN

在线阅读

PDF下载

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 5

参考文献 12

相关文章 15

Metrics

推荐阅读 0