基于双枝模糊集与模糊Petri网的攻击模型研究
|
摘要
随着网络攻击技术和安全防御技术的不断发展,攻击和防御已经成为网络安全的两个密切相关的侧面,不深入研究攻击理论和技术就不能有效地保护网络信息系统的安全。网络攻击研究的一个关键问题是对攻击的认识和描述。攻击模型能对整个攻击过程进行结构化和形象化的描述,有助于分析和充分利用已知的攻击行为研究成果,进一步提高攻击检测和安全预警的效率。
本文以双枝模糊集和模糊Petri网为理论基础,以既有攻击因素、又有防御因素的网络攻击形式为研究对象,将网络攻击中对攻击起促进与抑制作用的两方面进行综合考虑与分析,提出了一系列对网络攻击进行定性定量描述的方法。首先,以双枝模糊决策和模糊Petri网理论为基础,定义了一种全新的网络攻击模型BBFPAN(Both-Branch Fuzzy Petri-net Attack net)。并在对变迁输入库所集中因素进行双枝模糊决策分析的基础上,结合一种不确定推理方法,给出了相应的BBFPAN推理算法。其次,在深入研究分析了集对分析理论和双枝模糊集的关系之后,发现了以双枝模糊集为基础的网络攻击模型BBFPAN中多层次的集对关系,从而首次将集对分析理论应用于攻击模型的分析研究,提出了BBFPAN双枝集对分析模型。随后,本文以双枝模糊逻辑理论为依据,提出了BBFPAN模型推理的基本规则,并结合BBFPAN模型的定义,给出其相应基于双枝模糊逻辑的推理算法,进一步完善了攻击模型BBFPAN的推理方法。最后,针对以模糊Petri网为理论基础的新型网络攻击模型BBFPAN,自学习能力差的缺点。本文就此做了初步的探索研究,提出了一种适用于BBFPAN进行层次式划分的分层算法和相应的推理算法。
本文将对攻击实施起正反两方面作用的因素一起考虑,提出了一系列对网络攻击进行定性定量描述的方法,并就神经网络在攻击模型BBFPAN中的应用做了初步探索研究,有利于日后的进一步研究。
As the developing of the attack and defend technology,attack and defend also become two sides that closely related of network security.Further investigate, attack theory and technology can protect network security of information system effectively.It is a key problem studied about that understanding and description to the network attacks.Attack models can help in describing and analyzing the course of attack structurally and pictorially,facilitate analyzing and utilizing the known attack,further more that can help in improving the efficiency of attacking measuring and security prediction.
Based on both-branch fuzzy sets and fuzzy Petri net(FPN),the network attack with the promoting and suppressive factors will be researched in this article and the promoting and suppressive factors are analyzed together.A series of qualitative and quantitative approach to network attack are put forward.At the beginning,based on both-branch fuzzy decision-making and FPN,a new network attack model named both-branch fuzzy Petri-net attack net(BBFPAN)is put forward.Through the both-branch fuzzy decision-making analysis to the factors of input place set,a reasoning algorithm is proposed which applies incertitude consequence way.For another,delved into the both-branch fuzzy sets and set pair analysis,more levels set pair within the BBFPAN based on the both-branch fuzzy sets can be discovered.A both-branch set pair analysis about BBFPAN is put forward which originally applies set pair analysis into the attack modeling.After this problem,based on the both-branch fuzzy logic,the basic inference rules about BBFPAN are put forward.A reasoning algorithm is proposed which use the basic inference rules and it can enrich the reasoning method of the attack model BBFPAN.At last,the lack of learning mechanism is the weakness of the fuzzy systems and is also the weakness to the new network attack model BBFPAN based on the fuzzy Petri net.We have done some preliminary exploratory research to the lack.A delaminating algorithm which can partition the BBFPAN into several levels and a fuzzy reasoning algorithm are presented.
This paper considers together the promoting and suppressive factors that have effect to the attacks.Kinds of qualitative and quantitative method about network attack are proposed.At the same time we have done some preliminary exploratory study about the BBFPAN using the neural network and have forecast the future further research direction.
本文以双枝模糊集和模糊Petri网为理论基础,以既有攻击因素、又有防御因素的网络攻击形式为研究对象,将网络攻击中对攻击起促进与抑制作用的两方面进行综合考虑与分析,提出了一系列对网络攻击进行定性定量描述的方法。首先,以双枝模糊决策和模糊Petri网理论为基础,定义了一种全新的网络攻击模型BBFPAN(Both-Branch Fuzzy Petri-net Attack net)。并在对变迁输入库所集中因素进行双枝模糊决策分析的基础上,结合一种不确定推理方法,给出了相应的BBFPAN推理算法。其次,在深入研究分析了集对分析理论和双枝模糊集的关系之后,发现了以双枝模糊集为基础的网络攻击模型BBFPAN中多层次的集对关系,从而首次将集对分析理论应用于攻击模型的分析研究,提出了BBFPAN双枝集对分析模型。随后,本文以双枝模糊逻辑理论为依据,提出了BBFPAN模型推理的基本规则,并结合BBFPAN模型的定义,给出其相应基于双枝模糊逻辑的推理算法,进一步完善了攻击模型BBFPAN的推理方法。最后,针对以模糊Petri网为理论基础的新型网络攻击模型BBFPAN,自学习能力差的缺点。本文就此做了初步的探索研究,提出了一种适用于BBFPAN进行层次式划分的分层算法和相应的推理算法。
本文将对攻击实施起正反两方面作用的因素一起考虑,提出了一系列对网络攻击进行定性定量描述的方法,并就神经网络在攻击模型BBFPAN中的应用做了初步探索研究,有利于日后的进一步研究。
As the developing of the attack and defend technology,attack and defend also become two sides that closely related of network security.Further investigate, attack theory and technology can protect network security of information system effectively.It is a key problem studied about that understanding and description to the network attacks.Attack models can help in describing and analyzing the course of attack structurally and pictorially,facilitate analyzing and utilizing the known attack,further more that can help in improving the efficiency of attacking measuring and security prediction.
Based on both-branch fuzzy sets and fuzzy Petri net(FPN),the network attack with the promoting and suppressive factors will be researched in this article and the promoting and suppressive factors are analyzed together.A series of qualitative and quantitative approach to network attack are put forward.At the beginning,based on both-branch fuzzy decision-making and FPN,a new network attack model named both-branch fuzzy Petri-net attack net(BBFPAN)is put forward.Through the both-branch fuzzy decision-making analysis to the factors of input place set,a reasoning algorithm is proposed which applies incertitude consequence way.For another,delved into the both-branch fuzzy sets and set pair analysis,more levels set pair within the BBFPAN based on the both-branch fuzzy sets can be discovered.A both-branch set pair analysis about BBFPAN is put forward which originally applies set pair analysis into the attack modeling.After this problem,based on the both-branch fuzzy logic,the basic inference rules about BBFPAN are put forward.A reasoning algorithm is proposed which use the basic inference rules and it can enrich the reasoning method of the attack model BBFPAN.At last,the lack of learning mechanism is the weakness of the fuzzy systems and is also the weakness to the new network attack model BBFPAN based on the fuzzy Petri net.We have done some preliminary exploratory research to the lack.A delaminating algorithm which can partition the BBFPAN into several levels and a fuzzy reasoning algorithm are presented.
This paper considers together the promoting and suppressive factors that have effect to the attacks.Kinds of qualitative and quantitative method about network attack are proposed.At the same time we have done some preliminary exploratory study about the BBFPAN using the neural network and have forecast the future further research direction.
引文
[1]赵小林,彭祖林,王亚彬,薛沙燕.网络安全技术概论[M].北京:国防工业出版社,2006
[2]刘建伟,王育民.网络安全:技术与实践[M].北京:清华大学出版社,2005
[3]陈春霞,黄皓.攻击模型的分析与研究[J].计算机应用研究,2005,(7):115-118
[4]MOORE AP,TLLISON R,LINGER RC.Attack modeling for information security and survivability[R].CMU/SEI-2001-TN-001,2001
[5]TIDWELL T,LARSON R,FITCH K.Modeling Internet Attacks[A].Proceedings of the 2001 IEEE Workshop on Information Assurance and Security[C],2001.54-59
[6]张博,李伟华.Phishing攻击行为及其防御模型研究[J],计算机工程,2006,32(14):125-128
[7]张基温,叶茜.分布式拒绝服务攻击建模与形式化描述[J],计算机工程与设计,2006,27(21):4125-4129
[8]念其锋,蔡开裕,杜秀春.基于攻击树的边界网关安全测试[J],计算机工程与科学,2006,28f8):14-19
[9]袁艺,王轶骏,薛质.基于攻击树的协同入侵攻击建模[J],信息安全与通信保密,2006,(3):55-57
[10]阚流星,鲁鹏俊,王丽娜,张焕国.基于攻击树和Agent技术的攻击模型[J],计算机工程,2003,29(18):80-82
[11]危胜军,胡昌振,谭惠民,模糊Petri网知识表示方法在入侵检测中的应用[J],计算机工程,2005,31(2):130-133
[12]MCDRMOTT J.Attack Net Penetration Testing[A].The 2000 New Security Parading Workshop[C],2000.5-22
[13]STEFFAN J,SCHUMACHER M.Collaborative attack modeling[A].Proceedings of SAC[C],2002
[14]BACE R,MELL P.Intrusion Detection Systems[A].NIST Special Publication on Intmsion Detection System[C],2001
[15]赖海光,黄皓,谢俊元.基于系统状态集合的攻击模型及其应用[J].计算机应用,2005,25(7):1535-1539
[16]PORRAS P.A.,KEMMERER R.A.Penetration state transition analysis:A rule-based intrusion detection approach.Proceedings of the Eighth Annual Computer Security App;ications Conference,1992,220-229.
[17]SWILER L.P,PHILLIPS C.,GAYLOR T.A graph-based network-vulnerability analysis system.Sandia National Laboratiories:Technical Report SAND97-3010/1.UC-705,1997.
[18]TEMPLETON S.J,LEVITT K.A requires/provides model for computer attacks.Proceedings of the New Security Paradigms Workshop 2000.Cork Ireland,2000,31-38.
[19]BRUCE SCHNEIER.Attack Trees.Dr.Dobb's Journal of Software Tools 24,12(Dec.1999)21-29
[20]JENSEN K.Colored Petri nets:Basic concepts,analysis methods and practical use.Vol.12nd edition.Berlin,Germany:Springer-Verlag,1997
[21]KUNAR S.,Classification and detection of computer Intrusions[Ph.D.dissertation].Department of Computer Science,Purdue University,1995
[22]KUNAR S.,SPAFFORD E.H.A pattern matching model for misuse intrusion detection.Proceedings of the 17~(th)National Computer Security,MD,1995,11-21
[23]ILGUN K..USTAT:A real-time intrusion detection system for UNIX.Proceedings of IEEE symposium on Research in Security and Privacy,Oakland,CA,1993,16.
[24]史开泉.双枝模糊集(Ⅰ).山东工业大学学报[J],1998,28(2):127-134
[25]史开泉.双枝模糊集(Ⅱ).山东工业大学学报[J],1998,28(2):144-149
[26]史开泉.双枝模糊集(Ⅲ).山东工业大学学报[J],1998,28(3):206-211
[27]史开泉,刘刚.双枝模糊集(Ⅳ).山东工程学院学报[J],1997,9(3):7-9
[28]史开泉.双枝模糊集(Ⅴ).山东工业大学学报[J],1998,28(5):463-472
[29]史开泉.双枝模糊集(Ⅵ).山东工业大学学报[J],1999,29(1):52-62
[30]史开泉.双枝模糊集(Ⅶ).山东工业大学学报[J],1999,29(3):233-239
[31]史开泉.双枝模糊集(Ⅷ).山东工业大学学报[J],1999,29(6):544-551
[32]ZADEH L.A Fuzzy Sets.Information and Control,1965,8:338-353
[33]史开泉,崔玉泉.双枝模糊决策与决策加密-认证[J]中国科学(E辑),2003,33(2):154-163
[34]史开泉,李岐强.双枝模糊决策与决策识别问题[J],中国工程,2001,3(1):71-77
[35]SHI KAIQUAN,CUI YUQUAN.Both-Branch fuzzy decision and decision encryption authentication[J].SCIENCE IN CHINA(Series F),2003,46(2):90-103.
[36]刘刚,徐衍亮,赵建辉等.双枝模糊逻辑[J],计算机工程与应用,2003, 39(30):96-98
[37]刘刚,刘强.双枝模糊推理框架[J]计算机工程与应用,2004,(32):102-105
[38]刘刚,赵建辉,刘强.双枝模糊逻辑(Ⅱ)[J].计算机工程与应用,2005,(19):47-49
[39]何新贵.模糊Petri网[J].计算机学报,1994,17(12):946-950.
[40]李英华,叶天荣,张虹霞.计算机非传统推理导论[M].北京:宇航出版社,1992.
[41]TZAFESTSA S G,CAPKOVIC F.Petri net-based approach to synthesis of intelligent control systems for DEDS[J].Computer-Assisted Management and control or manufacturing systems.New York:Springer,1997.523-531.
[42]高梅梅,吴智铭.模糊推理Petri网及其在故障诊断中的应用[J].自动化学报,2000,26(5):677-680.
[43]张永铮,云晓春,胡铭曾.基于特权提升的多维量化属性弱点分类法的研究[J].通信学报,2004,25(7):107-112.
[44]SANS Website[EB/OL].http://www.securityfocus.com/.
[45]National Institute of Standards and Technology(NIST).ICAT Metabase[Z].http://icat.nist,gov/,2002.
[46]赵克勤.集对分析及其初步应用[M],杭州:浙江科技出版社,2000
[47]郑鹏,张弼云.基于集对分析的图书馆服务质量综合评价.情报杂志[J],2008,(1):145-158
[48]杨习贝,杨静宇等.不完备信息系统中的集对分析方法.计算机科学[J],2007,34(4):171-174
[49]邱林,冯晓波等.集对分析发在湖泊水质富营养化评价中的应用.人民长江[J],2008,39(5):52-54
[50]郑东良,黄文卿,孙亮.基于集对分析的预警机指挥多机编队空战态势评估.空军工程大学学报(自然科学版)[J],2008,9(1):9-13
[51]胡波,王汝传,王海艳.基于集对分析的P2P网络安全中的信誉度改进算法.电子学报[J],2007,35(2):244-247
[52]刘保相,张春英.基于SPA的双枝模糊决策分析.模糊系统与数学[J],2006,20(4):74-78
[53]刘林.应用模糊数学[M],陕西科学技术出版社,1996
[54]贾立新,薛钧义,茹峰.采用模糊Petri网的形式化推理算法及其应用[J].西安交通大学学报,2003,37(12):1263-1266
[55]马小平,李明,鲍海勇.基于模糊推理Petri网的胶带运输系统故障诊断 [J].东南大学学报(自然科学版),2003,(33):127-129
[56]魏海坤.神经网络结构设计的理论与方法[M],北京:国防工业出版社,2005
[57]TAKESHI FURUHASttI,HIDEHIRO YAMAMOTO.Fuzzy Control Stability Analysis Using a Generalized Fuzzy Petri Net Model[J].Journal of Advanced Computational Intelligence and Intelligent Informatics,1999,3(2):99-105
[58]宋群,马宏波,王中海.基于NNFPN模型的电梯故障诊断方法的研究[J].控制与决策,2005,20(3):341-344
[59]王维,潘凝,张建勋,卢桂章.基于人工神经网络与Petri网的宏观经济调控分析[J].系统工程理论与实践,2002,(8):41-48
[60]胡志刚,马好,廖麟.基于模糊神经Petri网的故障诊断模型[J].小型微型计算机系统,2005,26(11):1978-1982
[61]危胜军,胡昌振,孙明谦,基于学习Petri网的网络入侵检测方法[J],北京理工大学学报,2007,27(4):312-317
[62]鲍培明.基于BP网络的模糊Petri网的学习能力[J].计算机学报,2004,27(5):695-702
[2]刘建伟,王育民.网络安全:技术与实践[M].北京:清华大学出版社,2005
[3]陈春霞,黄皓.攻击模型的分析与研究[J].计算机应用研究,2005,(7):115-118
[4]MOORE AP,TLLISON R,LINGER RC.Attack modeling for information security and survivability[R].CMU/SEI-2001-TN-001,2001
[5]TIDWELL T,LARSON R,FITCH K.Modeling Internet Attacks[A].Proceedings of the 2001 IEEE Workshop on Information Assurance and Security[C],2001.54-59
[6]张博,李伟华.Phishing攻击行为及其防御模型研究[J],计算机工程,2006,32(14):125-128
[7]张基温,叶茜.分布式拒绝服务攻击建模与形式化描述[J],计算机工程与设计,2006,27(21):4125-4129
[8]念其锋,蔡开裕,杜秀春.基于攻击树的边界网关安全测试[J],计算机工程与科学,2006,28f8):14-19
[9]袁艺,王轶骏,薛质.基于攻击树的协同入侵攻击建模[J],信息安全与通信保密,2006,(3):55-57
[10]阚流星,鲁鹏俊,王丽娜,张焕国.基于攻击树和Agent技术的攻击模型[J],计算机工程,2003,29(18):80-82
[11]危胜军,胡昌振,谭惠民,模糊Petri网知识表示方法在入侵检测中的应用[J],计算机工程,2005,31(2):130-133
[12]MCDRMOTT J.Attack Net Penetration Testing[A].The 2000 New Security Parading Workshop[C],2000.5-22
[13]STEFFAN J,SCHUMACHER M.Collaborative attack modeling[A].Proceedings of SAC[C],2002
[14]BACE R,MELL P.Intrusion Detection Systems[A].NIST Special Publication on Intmsion Detection System[C],2001
[15]赖海光,黄皓,谢俊元.基于系统状态集合的攻击模型及其应用[J].计算机应用,2005,25(7):1535-1539
[16]PORRAS P.A.,KEMMERER R.A.Penetration state transition analysis:A rule-based intrusion detection approach.Proceedings of the Eighth Annual Computer Security App;ications Conference,1992,220-229.
[17]SWILER L.P,PHILLIPS C.,GAYLOR T.A graph-based network-vulnerability analysis system.Sandia National Laboratiories:Technical Report SAND97-3010/1.UC-705,1997.
[18]TEMPLETON S.J,LEVITT K.A requires/provides model for computer attacks.Proceedings of the New Security Paradigms Workshop 2000.Cork Ireland,2000,31-38.
[19]BRUCE SCHNEIER.Attack Trees.Dr.Dobb's Journal of Software Tools 24,12(Dec.1999)21-29
[20]JENSEN K.Colored Petri nets:Basic concepts,analysis methods and practical use.Vol.12nd edition.Berlin,Germany:Springer-Verlag,1997
[21]KUNAR S.,Classification and detection of computer Intrusions[Ph.D.dissertation].Department of Computer Science,Purdue University,1995
[22]KUNAR S.,SPAFFORD E.H.A pattern matching model for misuse intrusion detection.Proceedings of the 17~(th)National Computer Security,MD,1995,11-21
[23]ILGUN K..USTAT:A real-time intrusion detection system for UNIX.Proceedings of IEEE symposium on Research in Security and Privacy,Oakland,CA,1993,16.
[24]史开泉.双枝模糊集(Ⅰ).山东工业大学学报[J],1998,28(2):127-134
[25]史开泉.双枝模糊集(Ⅱ).山东工业大学学报[J],1998,28(2):144-149
[26]史开泉.双枝模糊集(Ⅲ).山东工业大学学报[J],1998,28(3):206-211
[27]史开泉,刘刚.双枝模糊集(Ⅳ).山东工程学院学报[J],1997,9(3):7-9
[28]史开泉.双枝模糊集(Ⅴ).山东工业大学学报[J],1998,28(5):463-472
[29]史开泉.双枝模糊集(Ⅵ).山东工业大学学报[J],1999,29(1):52-62
[30]史开泉.双枝模糊集(Ⅶ).山东工业大学学报[J],1999,29(3):233-239
[31]史开泉.双枝模糊集(Ⅷ).山东工业大学学报[J],1999,29(6):544-551
[32]ZADEH L.A Fuzzy Sets.Information and Control,1965,8:338-353
[33]史开泉,崔玉泉.双枝模糊决策与决策加密-认证[J]中国科学(E辑),2003,33(2):154-163
[34]史开泉,李岐强.双枝模糊决策与决策识别问题[J],中国工程,2001,3(1):71-77
[35]SHI KAIQUAN,CUI YUQUAN.Both-Branch fuzzy decision and decision encryption authentication[J].SCIENCE IN CHINA(Series F),2003,46(2):90-103.
[36]刘刚,徐衍亮,赵建辉等.双枝模糊逻辑[J],计算机工程与应用,2003, 39(30):96-98
[37]刘刚,刘强.双枝模糊推理框架[J]计算机工程与应用,2004,(32):102-105
[38]刘刚,赵建辉,刘强.双枝模糊逻辑(Ⅱ)[J].计算机工程与应用,2005,(19):47-49
[39]何新贵.模糊Petri网[J].计算机学报,1994,17(12):946-950.
[40]李英华,叶天荣,张虹霞.计算机非传统推理导论[M].北京:宇航出版社,1992.
[41]TZAFESTSA S G,CAPKOVIC F.Petri net-based approach to synthesis of intelligent control systems for DEDS[J].Computer-Assisted Management and control or manufacturing systems.New York:Springer,1997.523-531.
[42]高梅梅,吴智铭.模糊推理Petri网及其在故障诊断中的应用[J].自动化学报,2000,26(5):677-680.
[43]张永铮,云晓春,胡铭曾.基于特权提升的多维量化属性弱点分类法的研究[J].通信学报,2004,25(7):107-112.
[44]SANS Website[EB/OL].http://www.securityfocus.com/.
[45]National Institute of Standards and Technology(NIST).ICAT Metabase[Z].http://icat.nist,gov/,2002.
[46]赵克勤.集对分析及其初步应用[M],杭州:浙江科技出版社,2000
[47]郑鹏,张弼云.基于集对分析的图书馆服务质量综合评价.情报杂志[J],2008,(1):145-158
[48]杨习贝,杨静宇等.不完备信息系统中的集对分析方法.计算机科学[J],2007,34(4):171-174
[49]邱林,冯晓波等.集对分析发在湖泊水质富营养化评价中的应用.人民长江[J],2008,39(5):52-54
[50]郑东良,黄文卿,孙亮.基于集对分析的预警机指挥多机编队空战态势评估.空军工程大学学报(自然科学版)[J],2008,9(1):9-13
[51]胡波,王汝传,王海艳.基于集对分析的P2P网络安全中的信誉度改进算法.电子学报[J],2007,35(2):244-247
[52]刘保相,张春英.基于SPA的双枝模糊决策分析.模糊系统与数学[J],2006,20(4):74-78
[53]刘林.应用模糊数学[M],陕西科学技术出版社,1996
[54]贾立新,薛钧义,茹峰.采用模糊Petri网的形式化推理算法及其应用[J].西安交通大学学报,2003,37(12):1263-1266
[55]马小平,李明,鲍海勇.基于模糊推理Petri网的胶带运输系统故障诊断 [J].东南大学学报(自然科学版),2003,(33):127-129
[56]魏海坤.神经网络结构设计的理论与方法[M],北京:国防工业出版社,2005
[57]TAKESHI FURUHASttI,HIDEHIRO YAMAMOTO.Fuzzy Control Stability Analysis Using a Generalized Fuzzy Petri Net Model[J].Journal of Advanced Computational Intelligence and Intelligent Informatics,1999,3(2):99-105
[58]宋群,马宏波,王中海.基于NNFPN模型的电梯故障诊断方法的研究[J].控制与决策,2005,20(3):341-344
[59]王维,潘凝,张建勋,卢桂章.基于人工神经网络与Petri网的宏观经济调控分析[J].系统工程理论与实践,2002,(8):41-48
[60]胡志刚,马好,廖麟.基于模糊神经Petri网的故障诊断模型[J].小型微型计算机系统,2005,26(11):1978-1982
[61]危胜军,胡昌振,孙明谦,基于学习Petri网的网络入侵检测方法[J],北京理工大学学报,2007,27(4):312-317
[62]鲍培明.基于BP网络的模糊Petri网的学习能力[J].计算机学报,2004,27(5):695-702
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |