
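A Collaborative Detection Model for Application Systems Based on Entity Behavior

Published: 2018-03-22 23:01

  Topic: collaborative detection. Entry point: entity behavior. Source: Yanshan University, 2014 master's thesis. Paper type: degree thesis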


[Abstract]: As mobile networks, sensor networks, the Internet of Things and all kinds of information-processing terminals converge into networks centered on the Internet, new application systems with extremely high security and survivability requirements have appeared on the Internet, such as electronic payment systems, traffic control systems, and SCADA (Supervisory Control and Data Acquisition). At present, the protection of such systems relies mainly on isolated detection and protection at single points. Because single-point detection systems lack information fusion and shared coordination with one another, their information sources and detection mechanisms are seriously limited: accuracy in detecting covert or coordinated attack behavior is low, and false positives and false negatives are common. Based on a comprehensive survey and analysis of research in China and abroad, this thesis focuses on multi-point detection techniques that use a collaborative mechanism.

First, to address the inability of traditional single-point detection systems to defend effectively against coordinated attacks, a hierarchical collaborative model for multi-point detection is proposed. The model combines collaboration on the feature information of attack behavior with collaboration on operation sequences and applies both to the determination of harmful behavior. Using aggregation of entity behavior information from multiple monitoring points in the system detection layer, collaborative analysis of behavior features and operation sequence information in the management-domain collaboration layer, and distribution of protection rules by the global analysis and control layer, it improves the accuracy of detecting hidden attacks and coordinated attacks.

Second, to address the reliance on a single mode of collaborative detection in traditional collaborative detection system models, a definition of binary-serialized entity behavior based on feature patterns and operation sequences is given, and similarity measures for entity behavior features and behavior operation sequences are introduced into the collaborative analysis of behavior. A collaborative detection algorithm is given based on a multi-dimensional collaboration mechanism over behavior feature patterns and operation sequences: the algorithm first classifies behavior by the similarity of its feature pattern, then evaluates the similarity of the behavior's operation sequence to determine the security nature of unexpected behavior.

Finally, experiments are designed to compare and analyze the proposed collaborative detection algorithm against existing algorithms, the similarity of behavior features and operation sequences is verified by simulating coordinated attacks, and directions for further research are outlined.
[Degree-granting institution]: Yanshan University
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08




Article ID: 1650767


Article link: http://sikaile.net/guanlilunwen/ydhl/1650767.html

