Abstract: Cyber situation awareness is one of the foundations of command and control in cyberspace. It aims to identify attack behaviors appearing in cyberspace from partial, trivial and distributed information, and it can provide high-level situation knowledge to commanders and assist them in making reasonable decisions. To solve the problem of attack scenario awareness and inference, this paper proposes a cyber-attack scenario awareness and inference technology based on probability transition. First, the alert stream is clustered using a sliding window. Then, by analyzing the cluster sets, the various attack scenarios appearing in cyberspace are inferred and generated. We use the Markov chain model to represent attack scenarios, so that the cyber-attack situation can be presented to commanders directly. Finally, we test and assess the proposed approaches on the Zeus botnet, and the experimental results show that the approaches are feasible and advanced.
Cite this article:
FENG Xue-Wei, KUANG Xiao-Hui, SUN Xiao-Xia. Cyber Attack Scenario Awareness and Inference Based on Probability Transition[J]. Journal of Command and Control, 2015, 1(1): 62-67.