本文已被:浏览 1187次 下载 15次
投稿时间:2006-09-23
投稿时间:2006-09-23
中文摘要: 为有效处理复合攻击检测中的诸多不确定性及复杂性因素,提出了基于WOWA-FCM的复合攻击检测模型。WOWA-FCM检测模型从攻击意图分析的角度,利用模糊认知图(Fuzzy Cognitive Maps, FCM)对初级入侵警报进行因果关联;并结合脆弱性知识与系统配置信息,利用WOWA(Weighted Ordered Weighted Averaging)算子融合关联数据。WOWA-FCM检测模型不仅能识别复合攻击各个阶段、构建完整的攻击视图,并且能动态地评判攻击进度和目标系统的安全状态。WOWA-FCM
Abstract:In order to handle the uncertainties and complexities of multi-stage attack detection effectively, a novel detection model for multi-stage attacks based on Weighted Ordered Weighted Averaging (WOWA) and Fuzzy Cognitive Maps (FCM) was proposed. Based on Attack Intention Analysis, the WOWA-FCM detection model implemented the Cause Effect correlation of the primary intrusion alerts along with the vulnerability and configuration information of the target system utilizing Fuzzy Cognitive Maps, and implemented the effects fusion via WOWA aggregation operators. The WOWA-FCM approach was not only able to recognize the individual stages of a multi stage attack, construct the whole attack scenario, but also able to evaluate the global attack process and the security states of the target system dynamically. The WOWA-FCM model simplified the conventional multi-stage attack detection process, and provided with a better adaptability. The effectiveness of this approach was verified by the Mstream DDoS detection experimental results.
keywords: multi-stage attack Fuzzy Cognitive Maps(FCM) intrusion detection Weighted Ordered Weighted Averaging operator(WOWA) alert correlation
文章编号:20080123 中图分类号: 文献标志码:
基金项目:国家自然科学基金资助项目(60573036); 航空基础科学基金资助项目(03F31007)
作者简介:
引用文本:
吕镇邦,周利华.基于WOWA-FCM的复合攻击检测模型[J].工程科学与技术,2008,40(1):122-126.
.A Detection Model for Multi-stage Attacks Based on WOWA-FCM[J].Advanced Engineering Sciences,2008,40(1):122-126.
引用文本:
吕镇邦,周利华.基于WOWA-FCM的复合攻击检测模型[J].工程科学与技术,2008,40(1):122-126.
.A Detection Model for Multi-stage Attacks Based on WOWA-FCM[J].Advanced Engineering Sciences,2008,40(1):122-126.