计算机工程 ›› 2018, Vol. 44 ›› Issue (5): 128-132.doi: 10.19678/j.issn.1000-3428.0046456

• 安全技术 • 上一篇    下一篇

支持告警序列差分隐私保护的网络入侵关联方法

李洪成,吴晓平   

  1. 海军工程大学 信息安全系,武汉 430033
  • 收稿日期:2017-03-21 出版日期:2018-05-15 发布日期:2018-05-15
  • 作者简介:李洪成(1991—),男,博士研究生,主研方向为网络安全、数据挖掘;吴晓平,教授、博士、博士生导师。
  • 基金项目:
    国家自然科学基金(61672531)。

Network Intrusion Correlation Method with Differential Privacy Protection of Alerts Sequence

LI Hongcheng,WU Xiaoping   

  1. Department of Information Security,Naval University of Engineering,Wuhan 430033,China
  • Received:2017-03-21 Online:2018-05-15 Published:2018-05-15

摘要: 在网络入侵情报协同分析过程中,告警数据的共享使被攻击者面临隐私泄露的风险。针对现有告警信息隐私保护方法无法应对背景知识下恶意分析的问题,提出一种新的网络告警关联分析方法。以原始告警序列数据集作为输入,利用Laplace机制构建支持差分隐私保护的噪声告警序列前缀树。在此基础上,通过遍历噪声前缀树生成泛化告警序列数据集,使用频繁序列挖掘算法实现告警关联。从理论角度证明该方法支持ε-差分隐私保护,并在典型多步攻击场景LLDoS1.0 inside数据集上进行验证。实验结果表明,该方法在保护告警序列隐私的同时,能够提高告警关联准确性。

关键词: 入侵检测, 告警关联, 差分隐私保护, 频繁序列挖掘, 前缀树

Abstract: In the cooperative analysis of intrusion information of networks,the sharing of alerts data will bring the risks of privacy leaks to the attacked ones.Considering that the existing methods for protecting the privacy of alerts information cannot be able to deal with malware analysis with arbitrary background knowledge,a new correlation method for network alerts based on differential privacy protection is presented.The origin alert sequences dataset is the input and the Laplace mechanism is used to build the noisy prefix tree which supporting differential privacy protection.On this basis,the sanitized alert sequences dataset is generated by traversing the noisy prefix tree,and the alerts are correlated by mining frequent sequences.Moreover,this method is proved theoretically that it is able to fulfill ε-differentially private.An experiment is conducted with LLDoS1.0 inside traffic dataset,and the result demonstrates that the proposed method can remain available in the process of preserving privacy.

Key words: intrusion detection, alerts correlation, differential privacy protection, frequent sequence mining, prefix tree

中图分类号: