规划识别在自动响应系统中的应用
|
摘要
智能规划识别是人工智能研究中一个很活跃的研究领域,它已经被广泛地用于自然语言理解,知识推理,情景演算,agent助手等多个研究领域。尤其近来有学者将规划识别技术与入侵检测技术相结合应用于网络安全方面,取得了很多重要理论研究成果。
入侵检测系统是根据分析采集的主机系统或网络的活动来检测入侵行为,入侵检测系统分为基于主机的入侵检测系统和基于网络的入侵检测系统。入侵检测技术是继传统的安全保护措施之后新一代的安全保障技术,自从其诞生以来就对保障计算机的安全有着重要意义。目前,入侵防范研究的重点还是在入侵预防和入侵检测上,入侵响应大都只是在IDS系统中实现,其响应方式和响应能力受到一定限制。国外已经在入侵响应系统的技术方法和模型方面开展了研究。在面对大量网络攻击事件时,自动入侵响应系统能够在入侵发生后主动采取措施阻击入侵的延续和降低系统的损失,保护系统。
本文通过对现有的规划识别及入侵检测理论的研究,基于规划识别理论有预测agent未来动作的特性,提出了在自动入侵响应系统中应用规划识别理论的想法,进而给出了自动响应系统中的规划识别模型。模型不仅能够识别出敌意入侵规划的目标,预测出对手将要采取的敌意动作,而且还可以在识别的过程中,给出敌意动作的应对措施,甚至还给出了即将要发生的敌意动作的解决方案。因此该模型很好地提高了现有系统及网络的安全性能。
文中首次提出了在入侵检测领域中的敌意规划、敌意动作、应对动作、应对规划等概念,并且给出了相应的统一表示方法,同时给出了在自动响应系统中的树型层次结构的规划响应库模型,以及在此模型下的自动响应系统模型框架。框架中的事件采集器从网络数据包和主机日志中采集事件数据,自动响应系统则从规划响应库中搜索敌意规划和应对规划,这样一方面识别敌意规划目的意图,一方面给出应对措施,保护了系统,提高了系统的安全性。
Intelligent plan recognition is an active research area in artificial intelligence. It has been applied into many research fields such as natural language understanding, knowledge reasoning, agent help and so on. Especially nowadays some scholars combined plan recognition with intrusion detection systems in internet security research and got very good results.
Intrusion detection system is to detect intrusion action according to the analysis of host or network activity gathered. Intrusion detection system is classified to based-on host IDS and based-on network IDS.IDS technology is a new generation of security different from tradition security technology. Now research on IDS is focused on intrusion protection and intrusion detection. Intrusion response is mainly implemented in IDS, which limits the performance of response method and response ability. Foreign scholars have carried out research on intrusion response systems and models. With a large amount of network attacks, the intrusion response systems can actively protect the compromised systems and minimize the loss of the system after the intrusion happened.
With research on plan recognition and intrusion detection system theory, based-on attribute of plan recognition predicting agent future actions, this paper proposes the idea of using plan recognition in IDS, then gives the plan recognition model in the automated intrusion response system. This model can not only recognize the goal of hostile intrusion plan and the future hostile actions, but also give response action to the actions and even future hostile actions. Thus the model improves the safety of computer system and the Internet domain.
入侵检测系统是根据分析采集的主机系统或网络的活动来检测入侵行为,入侵检测系统分为基于主机的入侵检测系统和基于网络的入侵检测系统。入侵检测技术是继传统的安全保护措施之后新一代的安全保障技术,自从其诞生以来就对保障计算机的安全有着重要意义。目前,入侵防范研究的重点还是在入侵预防和入侵检测上,入侵响应大都只是在IDS系统中实现,其响应方式和响应能力受到一定限制。国外已经在入侵响应系统的技术方法和模型方面开展了研究。在面对大量网络攻击事件时,自动入侵响应系统能够在入侵发生后主动采取措施阻击入侵的延续和降低系统的损失,保护系统。
本文通过对现有的规划识别及入侵检测理论的研究,基于规划识别理论有预测agent未来动作的特性,提出了在自动入侵响应系统中应用规划识别理论的想法,进而给出了自动响应系统中的规划识别模型。模型不仅能够识别出敌意入侵规划的目标,预测出对手将要采取的敌意动作,而且还可以在识别的过程中,给出敌意动作的应对措施,甚至还给出了即将要发生的敌意动作的解决方案。因此该模型很好地提高了现有系统及网络的安全性能。
文中首次提出了在入侵检测领域中的敌意规划、敌意动作、应对动作、应对规划等概念,并且给出了相应的统一表示方法,同时给出了在自动响应系统中的树型层次结构的规划响应库模型,以及在此模型下的自动响应系统模型框架。框架中的事件采集器从网络数据包和主机日志中采集事件数据,自动响应系统则从规划响应库中搜索敌意规划和应对规划,这样一方面识别敌意规划目的意图,一方面给出应对措施,保护了系统,提高了系统的安全性。
Intelligent plan recognition is an active research area in artificial intelligence. It has been applied into many research fields such as natural language understanding, knowledge reasoning, agent help and so on. Especially nowadays some scholars combined plan recognition with intrusion detection systems in internet security research and got very good results.
Intrusion detection system is to detect intrusion action according to the analysis of host or network activity gathered. Intrusion detection system is classified to based-on host IDS and based-on network IDS.IDS technology is a new generation of security different from tradition security technology. Now research on IDS is focused on intrusion protection and intrusion detection. Intrusion response is mainly implemented in IDS, which limits the performance of response method and response ability. Foreign scholars have carried out research on intrusion response systems and models. With a large amount of network attacks, the intrusion response systems can actively protect the compromised systems and minimize the loss of the system after the intrusion happened.
With research on plan recognition and intrusion detection system theory, based-on attribute of plan recognition predicting agent future actions, this paper proposes the idea of using plan recognition in IDS, then gives the plan recognition model in the automated intrusion response system. This model can not only recognize the goal of hostile intrusion plan and the future hostile actions, but also give response action to the actions and even future hostile actions. Thus the model improves the safety of computer system and the Internet domain.
引文
[1]Denning D.An Intrusion Detection Model.IEEE Tranctions on Software Engineering,1987
[2]Clifford Kahn,Phillip A Porras,Stuart Staniford-Chen et al.A Common Intrusion Detection Framework,1998
[3]张剑, 龚俭.一种基于非单调逻辑理论的入侵检测系统.计算机学报第 26 卷第 9 期, 2003 年 9月
[4]陈观林, 王泽兵, 冯雁.智能化网络入侵检测模型的研究.计算机工程与应用,2005
[5]李家春, 李芝棠.入侵检测的规划识别模型研究.华中科技大学学报,第 32 卷第 3 期,2004 年 3月
[6]Carver C A. Intrusion Response Systems :A Survey. http://faculty.cs.tamu.edu/
[7]张运凯, 张玉清, 王长广, 王方伟, 马建峰.自动入侵响应系统的研究.计算机工程,第 30 卷第11 期,2004 年 6 月
[8]Henry,A.,Kautz . A Formal theory of plan recognition [Ph.D.Thesis] Rochester:University of Rochester,1987
[9]Hong,J.Graph Construction and Analysis as a paradigm for Plan Recognition.Seventeenth National Conference of Artificial Intelligence, Austin, Texas, USA,Publisher:AAAI Press, pp774~779,2000.
[10]Hong,J.Plan Recognition Through Goal Graph Analysis.ECAI-2000:14th EuropeanConference on Artificial Intelligence, Berlin, Germany, Publisher: IOS press, pp496~500,2000.
[11]Ming-hao Yin,Wen-xiang Gu,Ri-xian Liu,Xiao-long Liu. Using regressive graph as a novel paradigm in plan recognition,ICMLC2003
[12]McCarthy J. Circumscription-A form of non-monotonic reasoning. Artificial Intelligence ,1980,13:27-39
[13]Sandra Carberry. Incorpatin Default Inferences into Plan Recognition. In Proceedings of the Eighth National Conference on Artificial Intelligence,page471-478,Boston, Massachusetts,1990.
[14]Charniak,E.,Goldman,R.P.A Bayesian model of plan recognition.Artificial Intelligence ,1993,64(1):53-79
[15]Villain,M.Getting serious about parsing plans:a grammatical analysis of plan recognition.In:Proceedings of the 8th National Conference on Artificial Intelligence.Boston:AAAI Press.1990.190~197
[16]姜云飞,马宁.一种基于规划知识图的规划识别算法.软件学报 2002(04):0686-07
[17]Avirm L.Blum,Merrick L.Furst.Fast planning through planning graph analysis inArtificial Intelligence 90(1997):281-300
[18]Karen Hu and Victor Lesser.Knowledge-based command understanding: An example for the software development environment .Technical Report TR 82-6,University of Massachusetts at Amherst,1982.
[19]Neal Lesh and Oren Etzioni.A sound and fast goal gecognizer.In IJCAI95 Proceedings of the Fourteenth Internatinal Joint Conference on Artificial Intelligence,pages1704~1710,Montreal ,Canada,1995.
[20]Martin Kay,Jean Mark Gawron,and Peter Norvig.Verbmobil a Translatin System for Face-to-Face Dialog.Number 33 in CSLI Lecture Notes.Center for the Study of Language and Information,Stanford,CA,1994.
[21]Sandra Carberry. Plan Recognition in Natural Language Dialogue.ACL-MIT Press Series on Natural Language Procesing.MIT Press,1990.
[22]James Mayeld. Goal Analysis:Plan Recognition in Dialogue Systems.PhD thesis,University of California at Berkeley,Computer Science Division(EECS).1989.Technical Report UCB89/521
[23]M. Bauer and G. Paul. Logic-based plan recognition for intelligent help systems.Research Report 93-43,German Research Center for Articial Intelligence(DFKI),1993
[24]J.Greer and GM. Koehn.The Peculiarities of Plan Recognition for Intelligent Tutoring Systems.In M.Bauer,editor,IJCAI95 Workshop on The Next 38
[25]刘日仙,谷文祥,殷明浩.智能规划识别及其应用的研究,计算机工程
[26]Robert P.Goldman , Christopher W.Geib and Christopher A.Miller A New Model of Plan Recognition Proc.1999 Conference on Uncertainty in Artificial Intelligence Stockholm,July 1999
[27] Christopher W.Geib, Robert P.Goldman. Recognizing Plan/Goal Abandonment, Proceedings of IJCAI-2003
[28] Christopher W.Geib. Assessing the Complexity of Plan Recognition ,Proceedings of AAAI-2004
[29] Christopher W.Geib,Steven A.Harp. Empirical Analysis of a Probabilistic Task Tracking Algorithm
[30] Christopher W.Geib, Robert P.Goldman. Plan Recognition in Intrusion Detection Systems Proceedings of the DISCEX-II Conference
[31]Geib,C.,and Goldman,R.,2001b,Probabilistic Plan Recognition for Hostile Agents,Proceedings of the FLAIRS01 Conference ,Key West
[32]冯力,管晓宏,郭三刚,高艳,刘培妮.采用规划识别理论预测系统调用序列中的入侵企图.计算机学报,2004 年 8 月, 第 27 卷 第 8 期
[2]Clifford Kahn,Phillip A Porras,Stuart Staniford-Chen et al.A Common Intrusion Detection Framework,1998
[3]张剑, 龚俭.一种基于非单调逻辑理论的入侵检测系统.计算机学报第 26 卷第 9 期, 2003 年 9月
[4]陈观林, 王泽兵, 冯雁.智能化网络入侵检测模型的研究.计算机工程与应用,2005
[5]李家春, 李芝棠.入侵检测的规划识别模型研究.华中科技大学学报,第 32 卷第 3 期,2004 年 3月
[6]Carver C A. Intrusion Response Systems :A Survey. http://faculty.cs.tamu.edu/
[7]张运凯, 张玉清, 王长广, 王方伟, 马建峰.自动入侵响应系统的研究.计算机工程,第 30 卷第11 期,2004 年 6 月
[8]Henry,A.,Kautz . A Formal theory of plan recognition [Ph.D.Thesis] Rochester:University of Rochester,1987
[9]Hong,J.Graph Construction and Analysis as a paradigm for Plan Recognition.Seventeenth National Conference of Artificial Intelligence, Austin, Texas, USA,Publisher:AAAI Press, pp774~779,2000.
[10]Hong,J.Plan Recognition Through Goal Graph Analysis.ECAI-2000:14th EuropeanConference on Artificial Intelligence, Berlin, Germany, Publisher: IOS press, pp496~500,2000.
[11]Ming-hao Yin,Wen-xiang Gu,Ri-xian Liu,Xiao-long Liu. Using regressive graph as a novel paradigm in plan recognition,ICMLC2003
[12]McCarthy J. Circumscription-A form of non-monotonic reasoning. Artificial Intelligence ,1980,13:27-39
[13]Sandra Carberry. Incorpatin Default Inferences into Plan Recognition. In Proceedings of the Eighth National Conference on Artificial Intelligence,page471-478,Boston, Massachusetts,1990.
[14]Charniak,E.,Goldman,R.P.A Bayesian model of plan recognition.Artificial Intelligence ,1993,64(1):53-79
[15]Villain,M.Getting serious about parsing plans:a grammatical analysis of plan recognition.In:Proceedings of the 8th National Conference on Artificial Intelligence.Boston:AAAI Press.1990.190~197
[16]姜云飞,马宁.一种基于规划知识图的规划识别算法.软件学报 2002(04):0686-07
[17]Avirm L.Blum,Merrick L.Furst.Fast planning through planning graph analysis inArtificial Intelligence 90(1997):281-300
[18]Karen Hu and Victor Lesser.Knowledge-based command understanding: An example for the software development environment .Technical Report TR 82-6,University of Massachusetts at Amherst,1982.
[19]Neal Lesh and Oren Etzioni.A sound and fast goal gecognizer.In IJCAI95 Proceedings of the Fourteenth Internatinal Joint Conference on Artificial Intelligence,pages1704~1710,Montreal ,Canada,1995.
[20]Martin Kay,Jean Mark Gawron,and Peter Norvig.Verbmobil a Translatin System for Face-to-Face Dialog.Number 33 in CSLI Lecture Notes.Center for the Study of Language and Information,Stanford,CA,1994.
[21]Sandra Carberry. Plan Recognition in Natural Language Dialogue.ACL-MIT Press Series on Natural Language Procesing.MIT Press,1990.
[22]James Mayeld. Goal Analysis:Plan Recognition in Dialogue Systems.PhD thesis,University of California at Berkeley,Computer Science Division(EECS).1989.Technical Report UCB89/521
[23]M. Bauer and G. Paul. Logic-based plan recognition for intelligent help systems.Research Report 93-43,German Research Center for Articial Intelligence(DFKI),1993
[24]J.Greer and GM. Koehn.The Peculiarities of Plan Recognition for Intelligent Tutoring Systems.In M.Bauer,editor,IJCAI95 Workshop on The Next 38
[25]刘日仙,谷文祥,殷明浩.智能规划识别及其应用的研究,计算机工程
[26]Robert P.Goldman , Christopher W.Geib and Christopher A.Miller A New Model of Plan Recognition Proc.1999 Conference on Uncertainty in Artificial Intelligence Stockholm,July 1999
[27] Christopher W.Geib, Robert P.Goldman. Recognizing Plan/Goal Abandonment, Proceedings of IJCAI-2003
[28] Christopher W.Geib. Assessing the Complexity of Plan Recognition ,Proceedings of AAAI-2004
[29] Christopher W.Geib,Steven A.Harp. Empirical Analysis of a Probabilistic Task Tracking Algorithm
[30] Christopher W.Geib, Robert P.Goldman. Plan Recognition in Intrusion Detection Systems Proceedings of the DISCEX-II Conference
[31]Geib,C.,and Goldman,R.,2001b,Probabilistic Plan Recognition for Hostile Agents,Proceedings of the FLAIRS01 Conference ,Key West
[32]冯力,管晓宏,郭三刚,高艳,刘培妮.采用规划识别理论预测系统调用序列中的入侵企图.计算机学报,2004 年 8 月, 第 27 卷 第 8 期