Journal on Communications ›› 2021, Vol. 42 ›› Issue (6): 182-194. doi: 10.11959/j.issn.1000-436x.2021106
Hongbin ZHANG1,2, Yan YIN1, Dongmei ZHAO2, Bin LIU3,4
Revised: 2021-04-09
Online: 2021-06-25
Published: 2021-06-01
About the author: Hongbin ZHANG (born 1976), male, from Zhao County, Hebei; Ph.D., professor at Hebei University of Science and Technology; main research interests are network security and management, and the social Internet of things.
Abstract:
To address the persistently high rate of network attacks caused by the ever-growing scale of networks in real-world environments, threat intelligence was applied to situational awareness and a situational awareness model based on stochastic games was constructed. The similarity between external threat intelligence and the security events inside the system was compared in order to detect threats against the target system, and internal threat intelligence was generated from the threat information inside the system; in this process, ideas from game theory were used to quantify the current network security situation, assess the security status of the network, and finally predict the network security situation. Experimental results show that the network security situational awareness model based on threat intelligence correctly reflects changes in the network security state and accurately predicts attack behavior.
Hongbin ZHANG, Yan YIN, Dongmei ZHAO, Bin LIU. Network security situational awareness model based on threat intelligence[J]. Journal on Communications, 2021, 42(6): 182-194.
Table 6 CICIDS2017 attack types and times

| Time | Label |
| --- | --- |
| Monday | Benign |
| Tuesday | FTP-Patator (9:20-10:20), SSH-Patator (14:00-15:00) |
| Wednesday | DoS Slowloris (9:47-10:10), DoS Slowhttptest (10:14-10:35), DoS Hulk (10:43-11:00), DoS GoldenEye (11:10-12:23), Heartbleed Attack (15:12-15:23) |
| Thursday | Web BForce (9:20-10:00), XSS (10:15-10:35), Sql Injection (10:40-10:42), Web and Infiltration Attacks (14:19-15:45) |
| Friday | Botnet (10:02-11:02), PortScans (13:55-15:23), DDoS (15:57-16:16) |