
Multi-step attacks detected by rules tree and visualization (Chinese title: 多步攻击的规则树检测及可视化)

Cited by: 1
Abstract: In the field of network security visualization, the presentation of multi-step attack scenarios interacts poorly with log information, which makes it difficult for an ordinary network security administrator to recognize the characteristics of multi-step attacks directly from alert logs. This paper implements a tool for presenting multi-step attack scenarios that is based on rules trees. It uses the rules tree method to describe multi-step attack behavior patterns, defines the template library in XML, and designs visualization models. It presents multi-step attack scenarios by comparing a 2D vector view with a 3D view and analyzes the advantages of each. Experiments verify the effectiveness of the tool and the soundness of its design.

Source: Journal of Image and Graphics (《中国图象图形学报》), indexed in CSCD and the Peking University Core Journals list, 2013, No. 3, pp. 299-304 (6 pages)

Funding: National High Technology Research and Development Program of China (863 Program) (2011AA010101); National Basic Research Program of China (973 Program) (2009CB320706); National Natural Science Foundation of China (61163052, 61073009); Xinjiang University Doctoral Start-up Fund (BS110126)

Keywords: security visualization; rules tree; multi-step attacks; alert correlation; visualization representation