A Web Threat Situation Analysis Method for Mimic Structure

doi:10.19678/j.issn.1000-3428.0054221

Abstract

Abstract: Threat adjudication based on the judge method of ruling difference is an important mechanism for the mimic defense system to shield and block the threat of attacks.However,the existing mimic adjudication mechanism cannot conduct effective inductive analysis and threat control on the security situation of the mimic defense systems.Therefore,taking the mimic Web service system as an example,and integrating the network situation awareness technology into the mimic defense architecture,this paper proposes an improved Web threat situation analysis method.The data association is performed on the multi-level mimic adjudication alarm log.The feature data information extracted by fusion is deeply mined and classified.Different types of classification data are visually displayed.Experimental results show that the method can display the security state of the mimic defense systems,and is informed of the running state of the abnormal execution body in time,so as to realize the analysis and evaluation of the security situation of the mimic defense systems.

Key words: mimic defense, Web service system, data association, threat classification, visualization technology

摘要： 基于裁决差异性判别进行威胁推测是拟态防御系统屏蔽和阻断攻击威胁的重要机制，然而现有的拟态裁决机制无法对拟态防御系统安全态势进行有效归纳分析和威胁管控。为此，以拟态Web服务系统为例，将网络态势感知技术融入到拟态防御架构中，提出一种改进的Web威胁态势分析方法。对多层次的拟态裁决告警日志进行数据关联，挖掘及分类融合提取的特征数据信息，并对不同类型的分类数据进行可视化展示。实验结果表明，该方法能够显示拟态防御系统的安全状态，及时获悉异常执行体的运行情况，从而实现对拟态防御系统的安全态势进行分析与评估。

关键词: 拟态防御, Web服务系统, 数据关联, 威胁分类, 可视化技术

CLC Number:

TP391

LI Weichao, ZHANG Zheng, WANG Liqun, LIU Zhenwu, LIU Hao. A Web Threat Situation Analysis Method for Mimic Structure[J]. Computer Engineering, 2019, 45(8): 1-6.

李卫超, 张铮, 王立群, 刘镇武, 刘浩. 一种拟态构造的Web威胁态势分析方法[J]. 计算机工程, 2019, 45(8): 1-6.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0054221

http://www.ecice06.com/EN/Y2019/V45/I8/1

References 25

[1]	中国信息安全测评中心.国家信息安全漏洞通报[J].中国信息安全,2018(3):110-113.
[2]	邬江兴.网络空间拟态防御研究[J].信息安全学报,2016,1(4):1-10.
[3]	林森杰,刘勤让,王孝龙.面向拟态防御系统的竞赛式仲裁模型[J].计算机工程,2018,44(4):193-198.
[4]	张杰鑫,庞建民,张铮,等.面向拟态构造Web服务器的执行体调度算法[J/OL].计算机工程:1-12.[2019-04-12].http://www.ecice06.com/CN/10.19678j.issn.1000-3428.0053425. URL
[5]	王伟,曾俊杰,李光松,等.动态异构冗余系统的安全性分析[J].计算机工程,2018,44(10):42-45,50.
[6]	仝青,张铮,张为华,等.拟态防御Web服务器设计与实现[J].软件学报,2017,28(4):883-897.
[7]	张铮,马博林,邬江兴.Web服务器拟态防御原理验证系统测试与分析[J].信息安全学报,2017,2(1):13-28.
[8]	龚正虎,卓莹.网络态势感知研究[J].软件学报,2010,21(7):1605-1619.
[9]	TADDA G,SALERNO J J.Realizing situation awareness within a cyber environment[EB/OL].[2018-10-21].https://doi.org/10.1117/12.665763.
[10]	MAUW S,OOSTDIJK M.Foundations of attack trees[C]//Proceedings of ICICS'06.Berlin,Germany:Springer,2006:186-198.
[11]	MOORE A P,ELLISON R J,LINGER R C.Attack modeling for information security and survivability[EB/OL].[2018-10-21].https://www.researchgate.net.
[12]	SWILER L P,PHILLIPS C.A graph-based system for network-vulnerability analysis[C]//Proceedings of NSOW'98.Washington D.C.,USA:IEEE Press,1998:71-79.
[13]	HAMID T K A.Attack graph approach to dynamic network vulnerability analysis and countermeasures[EB/OL].[2018-10-21].https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.665736.
[14]	NOVAK J,NORTHCUTT S.Network intrusion detection[J].EDPACS,2000,27(7):1-2.
[15]	张永铮,方滨兴,迟悦,等.用于评估网络信息系统的风险传播模型[J].软件学报,2007,18(1):137-145.
[16]	陈秀真,郑庆华,管晓宏.层次化网络安全威胁态势量化评估方法[J].软件学报,2006,17(4):885-897.
[17]	姜伟,方滨兴,田志宏,等.基于攻防博弈模型的网络安全测评和最优主动防御[J].计算机学报,2009,32(4):817-827.
[18]	龚俭,臧小东,苏琪.网络安全态势感知综述[J].软件学报,2017,28(4):1010-1026.
[19]	DUTT V,AHN Y S,GONZALEZ C.Cyber situation awareness:modeling the security analyst in a cyber-attack scenario through instance-based learning[C]//Proceedings of IFIP Annual Conference on Data and Applications Security and Privacy.Berlin,Germany:Springer,2011:280-292.
[20]	KARAGIANNIS T,PAPAGIANNAKI K,FALOUTSOS M.Blinc:multilevel traffic classificaion in the dark[J].ACM SIGCOMM Computer Communication Review,2005,35(4):229-240.
[21]	李伟明,雷杰,董静,等.一种优化的实时网络安全风险量化方法[J].计算机学报,2009,32(4):793-804.
[22]	RINZLER K,CINO R,SCULLY B.Situational awareness system security features[J].Computers and Security,2018,46(1):18-31.
[23]	WANG Yuyang,NARASIMHA M,HEATH J R W.MmWave beam prediction with situational awareness:a machine learning approach[C]//Proceedings of the 19th IEEE International Workshop on Signal Processing Advances in Wireless Communications.Washington D.C.,USA:IEEE Press,2018:145-154.
[24]	KULLMAN K,CWLEY J,BEN-ASHER N.Enhancing cyber defense situational awareness using 3D visualizations[C]//Proceedings of International Conference on Cyber Warfare and Security.Washington D.C.,USA:IEEE Press,2018:226-234.
[25]	LOPEZCUEVAS A,MEDINAPEREZ M A,MONROY R,et al.FiToViz:a visualisation approach for real-time risk situation awareness[J].IEEE Transactions on Affective Computing,2018,9(3):372-382.

Please choose a citation manager

Content to export