面向WLAN的分布式无线多步攻击模式挖掘方法研究

doi:10.3969／j.issn.1000-0801.2013.11.007

Abstract

Abstract:

As the important means of network security, intrusion detection and prevention technology have seen some preliminary applications in the traditional wired network environment. Due to the distinctive characteristics of wireless network, the applications of multi-stage attack plan recognition for WLAN are rarely seen in spite of the promising potential. A distributed wireless multi-step attack pattern mining（DWMAPM）method based on correlation analysis with the IEEE 802.11 protocol frame attributes was proposed. The method consists of five steps:constructing a global attack database, building candidate attack chains, filtering candidate attack chains, correlating multi-step attack behaviors and recognizing multi-step attack patterns. Experimental results show that DWMAPM is effective for recognizing a variety of typical attack patterns in real WLAN attack scenarios, and can provide a basis for forecasting the final attack plans.

Key words: multi-step attack pattern, WLAN, plan recognition, correlation analysis, network security

Guanlin Chen,Zebing Wang,Yong Zhang. Research on Distributed Wireless Multi-Step Attack Pattern Mining Method for WLAN[J]. Telecommunications Science, 2013, 29(11): 38-44.

Figures/Tables 5

References 12

1	中国互联网络信息中心（CNNIC）．第32次中国互联网络发展状况统计报告． , 2013
2	Percoco N J . Trustwave 2012 Global Security Report. Chicago:Trustware SpiderLabs, 2012
3	陈观林，冯雁，王泽兵．分布式无线入侵防御系统预先决策引擎研究．电信科学， 2010,26（10）:80～86
4	Geib C W , Goldman R P . Plan recognition in intrusion detection systems. Proceedings of DARPA Information Survivability Conference and Exposition（DISCEX IIˊ01）, Anaheim,USA, 2001
5	Geib C W , Goldman R P . Probabilistic plan recognition for hostile agents. Proceedings of the Fourteenth International Florida Artificial Intelligence Research Society Conference （FLAIRS 2001）, Key West, USA, 2001
6	Sheyner O , Haines J , Jha S , et al. Automated generation and analysis of attack graphs. Proceedings of the 2002 IEEE Symposium on Security and Privacy（SP'02）, Oakland, USA, 2002
7	Ning P , Cui Y , Reeves D S . Constructing attack scenarios through correlation of intrusion alerts. Proceedings of the 9th ACM Conference on Computer and Communications Security （CCS'02）, Washington, DC, USA, 2002
8	Ning P , Cui Y , Reeves D S , et al. Techniques and tools for analyzing intrusion alerts. ACM Transactions on Information and System Security, 2004,7（2）: 274～318
9	Cuppens F , Miège A . Alert correlation in a cooperative intrusion detection framework. Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California, USA, 2002
10	Hellerstein J L , Ma S , Perng C S . Discovering actionable patterns in event data. IBM Systems Journal, 2002,41（3）: 475～493
11	Qin X Z , Lee W K . Attack plan recognition and prediction using causal networks. Proceedings of the 20th Annual Computer Security Applications Conference（ACSAC 2004）, Tucson, USA, 2004
12	Wang L , Ghorbani A , Li Y . Automatic multi-step attack pattern discovering. International Journal of Network Security, 2010,10（2）: 142～152

Metrics

Recommended 0

No Suggested Reading articles found!

wa_i			wa_j
wa_i	srcMAC	dstMAC	srcIP	dstIP	dstVendor
srcMAC	0.1	0	0	0	0
dstMAC	0.1	0.25	0	0	0
srcIP	0	0	0.1	0	0
dstIP	0	0	0.1	0.15	0
dstVendor	0	0.1	0	0.1	0

AP	候选攻击链数	伪攻击链数	多步攻击模式数	挖掘率
AP₁	21763	627	11	1.75%
AP₂	19397	502	8	1.59%

[1]	Le ZHANG, Hongyuan MA. Practice on edge cloud security of telecom operators [J]. Telecommunications Science, 2023, 39(4): 165-172.
[2]	Weixiong CHEN, Xiaochen YANG, Zengjun CHUN, Ruolan LI, Hua ZHANG. Research and practice of network security threat intelligence management system for power enterprise [J]. Telecommunications Science, 2022, 38(7): 184-189.
[3]	Yatian LIU, Bowen HU, Maofei CHEN, Dongxin LIU. Study on the 5GC security situational awareness system [J]. Telecommunications Science, 2022, 38(11): 73-85.
[4]	Yue GU, Dan LI, Kaihui GAO. Research on network traffic classification based on machine learning and deep learning [J]. Telecommunications Science, 2021, 37(3): 105-113.
[5]	Ming GAO,Jin LUO,Huiying ZHOU,Hai JIAO,Lili YING. A differential feedback scheduling decision algorithm based on mimic defense [J]. Telecommunications Science, 2020, 36(5): 73-82.
[6]	Zhiqiang YANG,Li SU,Minpeng QI,Bo YANG. Overview and prospect of 5G security [J]. Telecommunications Science, 2020, 36(12): 1-19.
[7]	Guofeng HE. Application protection in 5G cloud network using zero trust architecture [J]. Telecommunications Science, 2020, 36(12): 123-132.
[8]	Ping XIE,Xiaosong LIU. Security of the deployment of SDN-based IoT using blockchain [J]. Telecommunications Science, 2020, 36(12): 139-146.
[9]	Yuanying XIAO,Yaodong YOU,Lixi XIANG. Causes and optimization of the false alarm rate of code review system [J]. Telecommunications Science, 2020, 36(12): 155-162.
[10]	Hang YU,Shuai WANG,Huamin JIN. RASP based Web security detection method [J]. Telecommunications Science, 2020, 36(11): 113-120.
[11]	Junwen WANG. Technical requirement of future industrial internet [J]. Telecommunications Science, 2019, 35(8): 26-38.
[12]	Cong LI, Bo LEI, Chongfeng XIE, Yunhe LI. Trustworthy network based on blockchain technology [J]. Telecommunications Science, 2019, 35(10): 60-68.
[13]	Jianquan WANG,Zhangchao MA,Xinzhong LI,Lei SUN,Changwei HU. Quantum secure communication network architecture and mobile application solution [J]. Telecommunications Science, 2018, 34(9): 10-19.
[14]	. Interestmeasurement and system construction of personal information protectionLI Meiyan [J]. Telecommunications Science, 2018, 34(8): 160-166.
[15]	Qi LIANG. Security＆ safety protection solution of ICS [J]. Telecommunications Science, 2018, 34(4): 144-150.

Research on Distributed Wireless Multi-Step Attack Pattern Mining Method for WLAN

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 5

References 12

Related Articles 15

Metrics

Recommended 0