摘要
基于裁决差异性判别进行威胁推测是拟态防御系统屏蔽和阻断攻击威胁的重要机制,然而现有的拟态裁决机制无法对拟态防御系统安全态势进行有效归纳分析和威胁管控。为此,以拟态Web服务系统为例,将网络态势感知技术融入到拟态防御架构中,提出一种改进的Web威胁态势分析方法。对多层次的拟态裁决告警日志进行数据关联,挖掘及分类融合提取的特征数据信息,并对不同类型的分类数据进行可视化展示。实验结果表明,该方法能够显示拟态防御系统的安全状态,及时获悉异常执行体的运行情况,从而实现对拟态防御系统的安全态势进行分析与评估。
Threat adjudication based on the judge method of ruling difference is an important mechanism for the mimic defense system to shield and block the threat of attacks.However,the existing mimic adjudication mechanism cannot conduct effective inductive analysis and threat control on the security situation of the mimic defense systems.Therefore,taking the mimic Web service system as an example,and integrating the network situation awareness technology into the mimic defense architecture,this paper proposes an improved Web threat situation analysis method.The data association is performed on the multi-level mimic adjudication alarm log.The feature data information extracted by fusion is deeply mined and classified.Different types of classification data are visually displayed.Experimental results show that the method can display the security state of the mimic defense systems,and is informed of the running state of the abnormal execution body in time,so as to realize the analysis and evaluation of the security situation of the mimic defense systems.
作者
李卫超
张铮
王立群
刘镇武
刘浩
LI Weichao;ZHANG Zheng;WANG Liqun;LIU Zhenwu;LIU Hao(State Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,China)
出处
《计算机工程》
CAS
CSCD
北大核心
2019年第8期1-6,共6页
Computer Engineering
基金
国家重点研发计划“网络空间安全”重点专项(2018YFB0804003)
上海市科学技术委员会科研计划项目(16DZ1120502)
关键词
拟态防御
WEB服务系统
数据关联
威胁分类
可视化技术
mimic defense
Web service system
data association
threat classification
visualization technology
