Research and Simulation of Attack Path Marking Technology After Network Intrusion
Published: 2019-07-06 13:16
[Abstract]: Marking the intrusion path after a network attack is key to defending against such attacks effectively afterwards. Once a network has been intruded upon, attack paths and legitimate paths are interleaved, and normal information propagation paths are disrupted. Traditional attack-path mining methods are mainly preventive, and the problem of marking attack paths after an attack has received little study. The main difficulty is that, given the random nature of attacks, these methods cannot distinguish active attacks from passive attacks and therefore cannot accurately identify the network intrusion path. This paper proposes an IPPID-based method for identifying multi-stage network intrusion attack paths. The method identifies the intrusion path using a database of historical routing IP addresses and Pi values to obtain the complete path, inserts marks dynamically, and makes maximum use of the space in the marking field to mark the path dynamically, so that the path identification method adapts dynamically to different network data characteristics. Through a learning process, the victim host determines whether a marked packet is a legitimate packet or an attack packet. Experimental results show that the method outperforms other methods in convergence time and false alarm rate; compared with other path identification schemes, the acceptance rate difference improves by 15%-20%, significantly improving the accuracy of network attack path marking.
Article ID: 2511038
Article link: http://sikaile.net/guanlilunwen/ydhl/2511038.html