Journal of Jilin University (Information Science Edition), 2023, Vol. 41, Issue (6): 983-989.


Reliability Analysis of Host Security Intrusion Protection for Data Association

ZHANG Xiaolu, SHEN Wuqiang, CUI Lei

  1. Information Center, Guangdong Power Grid Company Limited, Guangzhou 510300, China
  • Received: 2022-09-27 Online: 2023-11-30 Published: 2023-12-01
  • About the author: ZHANG Xiaolu (born 1993), female, from Changzhi, Shanxi, engineer at Guangdong Power Grid Company Limited, mainly engaged in research on power automation and network security, (Tel) 86-13268108766 (E-mail) wa20210909@126.com
  • Supported by:
     Special Scientific Research Program Fund of the Department of Education of Guangdong Province (21JK0813)

Abstract: When a host receives intrusion data with delayed-response characteristics, the existing judgment mode loses its association with the delayed data, which distorts the judgment of data association confidence between nodes and causes intrusion detection to fail. To address this problem, a method for judging the association confidence of intrusion data is proposed. Within the host security protection framework, host firewall packet filtering is used to eliminate abnormal data; security nodes are placed inside the host by distributed deployment, and a mathematical model is used for intrusion attack detection; the association between normal data is then analyzed to determine the association confidence between data, which completes the intrusion judgment. In the experiments, the host security protection system was tested for the number of successful virus and Trojan attacks with delay characteristics, the time taken for packet monitoring, and functional coverage; the results verify the security and effectiveness of the system.

Key words: data association analysis, host security protection, system design, firewall packet filtering, delay characteristics

CLC Number:

  • TN945.23