Research on multi-step attack scenario mining based on neural networks and Bayesian network attack graphs
First published: 2019-01-08
Abstract: To discover attack patterns in large volumes of redundant alert logs, build multi-step attack scenarios and eliminate false positives from those logs, this paper proposes a new multi-step attack scenario construction model with two parts, an offline mode and an online mode. In the offline mode, alert logs from known real attacks are used to train a neural network that removes erroneous alerts; the remaining alerts then pass through alert aggregation, causal-association attack sequence generation and related processing to produce a Bayesian network attack graph. In the online mode, large volumes of live alert logs are used to iteratively update the neural network and the Bayesian network attack graph produced offline, so that the updated attack graph becomes more complete and accurate. Finally, we extract several multi-step attack scenarios from the Bayesian network attack graph, thereby eliminating erroneous alerts from the redundant IDS alert logs. To validate the algorithm we tested it on the DARPA 2000 dataset; the results show that the method achieves high accuracy.
Multi-step attack scenario mining based on neural network and Bayesian network
Abstract: Attack patterns are mined from a large number of redundant alert log entries, and multi-step attack scenarios are built to eliminate false alerts in the alert log. In this paper, we propose a new multi-step attack scenario construction model, which is divided into two parts: an offline mode and an online mode. In the offline mode, alert logs of known real attacks are used to train a neural network that removes erroneous alerts, and a Bayesian network attack graph is then generated through alert aggregation and causal-association attack sequence generation. In the online mode, a large number of online alert logs are used to update the neural network and the Bayesian network attack graph generated in the offline mode, so that the iterated attack graph is more complete and accurate. In the end, we extract a variety of multi-step attack scenarios from the Bayesian network attack graph to eliminate false alerts in the redundant IDS alert logs. To verify the validity of the algorithm, we tested it on the DARPA 2000 dataset, and the results show that the algorithm has high accuracy.
Keywords: information security technology; IDS log analysis; neural network; causal association analysis
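As an added illustration (not code from the paper), the middle stages of the offline pipeline on constructed alerts: alert aggregation, causal association into an attack sequence, a Bayesian attack graph whose edge weights are conditional probabilities, and extraction of the most probable multi-step scenario. The causal-association rule, the host addresses and the signature names are assumptions; the neural-network false-alert filter that precedes these stages is omitted.

```python
from collections import Counter
# Constructed sample IDS alerts (timestamp_s, src, dst, signature); hosts and signature
# names are hypothetical, loosely shaped after the DARPA 2000 LLDOS phases.
ALERTS = [
    (100, "10.0.0.5", "172.16.1.10", "ICMP_PING"),
    (101, "10.0.0.5", "172.16.1.10", "ICMP_PING"),     # repeat, aggregated away
    (102, "10.0.0.5", "172.16.1.20", "ICMP_PING"),
    (200, "10.0.0.5", "172.16.1.10", "RPC_PROBE"),
    (210, "10.0.0.5", "172.16.1.20", "RPC_PROBE"),     # probed but never exploited
    (300, "10.0.0.5", "172.16.1.10", "RPC_EXPLOIT"),
    (400, "10.0.0.5", "172.16.1.10", "FTP_UPLOAD"),
    (500, "172.16.1.10", "172.16.9.9", "DDOS_FLOOD"),  # compromised host becomes source
    (505, "192.168.3.3", "172.16.1.30", "ICMP_PING"),  # unrelated background alert
]

def aggregate(alerts, window=60):
    """Collapse repeats of the same (src, dst, sig) arriving within `window` seconds."""
    out = []
    for t, src, dst, sig in sorted(alerts):
        if out and out[-1][1:] == (src, dst, sig) and t - out[-1][0] <= window:
            continue
        out.append((t, src, dst, sig))
    return out

def causal_edges(alerts):
    """Assumed causal-association rule: link each alert to the latest earlier alert of
    another signature that hit the same target, or whose target is now the source."""
    edges = Counter()
    for i, (_, sb, db, gb) in enumerate(alerts):
        for _, _, da, ga in reversed(alerts[:i]):
            if ga != gb and (da == db or da == sb):
                edges[(ga, gb)] += 1
                break
    return edges

def bayesian_attack_graph(alerts):
    """Nodes are signatures; edge weight = P(B follows A) = #(A->B links) / #(A alerts)."""
    occurrences = Counter(sig for _, _, _, sig in alerts)
    return {(a, b): n / occurrences[a] for (a, b), n in causal_edges(alerts).items()}

def extract_scenario(graph, start):
    """Greedily follow the most probable successor; returns (steps, joint probability)."""
    path, prob = [start], 1.0
    while True:
        nxt = [(p, b) for (a, b), p in graph.items() if a == path[-1] and b not in path]
        if not nxt:
            return path, prob
        p, b = max(nxt)
        path.append(b)
        prob *= p
```

Call `extract_scenario(bayesian_attack_graph(aggregate(ALERTS)), "ICMP_PING")` to obtain the probe-to-DDoS chain; the isolated background ping produces no edge, which is how such alerts fall out of the extracted scenarios.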