《计算机应用研究》|Application Research of Computers

一种自主免疫学习的分布式网络攻击对抗模型研究

Distributed network attack against model with self-immunity learning

免费全文下载 (已被下载 次)  
获取PDF全文
作者 蒋勇,赵作鹏
机构 1.江苏联合职业技术学院 信息技术系,江苏 徐州 221008;2.中国矿业大学 计算机科学与技术学院,江苏 徐州 221008
统计 摘要被查看 次,已被下载
文章编号 1001-3695(2015)04-1138-03
DOI 10.3969/j.issn.1001-3695.2015.04.042
摘要 针对网络系统容易遭受网络病毒攻击的问题,提出一种自主免疫学习的分布式网络攻击对抗模型。该网络攻击对抗模型采用分布式网络攻击检测算法来计算数据包信任值,再通过设置信任值的检测阈值,当数据包的信任值低于阈值时,判断该数据包遭到攻击。此方法可以确定数据包是否遭到病毒入侵,并对病毒的危险等级进行评估。基于人体的病毒防御机理提出适用于网络的自主免疫机制,通过带抗体的特殊数据包来清除带病毒数据包,并基于病毒的危险等级来生产适当的特殊数据包数量。在实验仿真中,算法在检测网络病毒的攻击以及清除网络病毒方面表现出良好的效果。
关键词 网络攻击;网络病毒;分布式网络攻击检测;自主免疫
基金项目 江苏省自然科学基金资助项目(BK2012129)
本文URL http://www.arocmag.com/article/01-2015-04-042.html
英文标题 Distributed network attack against model with self-immunity learning
作者英文名 JIANG Yong, ZHAO Zuo-peng
机构英文名 1. Dept. of Information Technology, Jiangsu Union Technical Institute, Xuzhou Jiangsu 221008, China; 2. School of Computer Science & Technology, China University of Mining & Technology, Xuzhou Jiangsu 221008, China
英文摘要 For the problems that network systems was easy to be attacked by network vulnerable, this paper proposed a distributed network attack against the model with self-immunity learning. The cyber-attacks against the model used a distributed network attack detection algorithms to calculate the trust value of the data packet case, then set the trust value of the detection threshold, when the trust value was below the threshold packet to determine the packet attack, this method could determine whether the packet was viruses and virus assess the level of danger presented for network self-defense mechanism of the human immune system-based virus, through a special data packet with antibodies to clear the packet with the virus, and based on the risk level of the virus to produce the appropriate number of special data packet. In the simulation experiments, the algorithm to detect network attacks and viruses clear network viruses show good results.
英文关键词 network attacks; network viruses; distributed network attack detection; independent immunity
参考文献 查看稿件参考文献
  [1] 秦华旺, 戴跃伟, 王执铨. 一种基于Petri net的分布式入侵容忍系统模型研究[J] . 系统工程与电子技术, 2009, 31(1):208-212.
[2] 柴争义, 刘芳. 应用危险理论的网络安全风险感知模型[J] . 北京邮电大学学报, 2010, 33(3):40-43.
[3] TOBARRA L, CAZORLA D, CUARTERO F, et al. Model checking wireless sensor network security protocols:TinySec+ LEAP+ TinyPK[J] . Telecommunication Systems, 2009, 40(3-4):91-99.
[4] MACEDONIO D, MERRO M. A semantic analysis of key management protocols for wireless sensor networks[J] . Science of Compu-ter Programming, 2014, 81:53-78.
[5] LIU Bao-ju, WANG Jian-xi. Research on the network security protocols based on the strand spaces theory[J] . Applied Mechanics and Materials, 2014, 457-478:1134-1138.
[6] 彭敏. 基于免疫的网络入侵检测与风险预测模型[J] . 计算机工程, 2011, 37(11):141-143.
[7] VAJDA I. A proof technique for security assessment of on-demand Ad hoc routing protocols[J] . International Journal of Security and Networks, 2014, 9(1):12-19.
[8] 张保稳, 罗铮, 薛质, 等. 基于全局权限图的网络风险评估模型[J] . 上海交通大学学报, 2010, 44(9):1197-1200.
[9] 龙门, 夏靖波, 张子阳, 等. 节点相关的隐马尔可夫模型的网络安全评估[J] . 北京邮电大学学报, 2010, 33(6):121-124.
[10] 张少俊, 李建华, 陈秀真. 一种基于渗透模型的网络攻击路径挖掘方法[J] . 上海交通大学学报, 2008, 42(7):1138-1143.
[11] 乌力吉, 季莹婕, 张向民, 等. 用于高速网络安全协处理器的抗功耗攻击AES算法引擎设计[J] . 清华大学学报:自然科学版, 2009, 49(2):2097-2102.
[12] LEE N, CHUN J. Signal space alignment for an encryption message and successive network code decoding on the MIMO K-way relay channel[C] //Proc of IEEE International Conference on Communications. [S. l. ] :IEEE Press, 2011:1-5.
[13] ANDHARE M A, PATIL A B. Denial-of-service attack detection using genetic-based algorithm[J] . Reproduction, 2012, 2(2):94-98.
[14] GUPTA S, KUMAR P. VM profile based optimized network attack pattern detection scheme for DDoS attacks in cloud[M] //Security in Computing and Communications. Berlin:Springer, 2013:255-261.
[15] RAJ K P A, SELVAKUMAR S. Distributed denial of service attack detection using an ensemble of neural classifier[J] . Computer Communications, 2011, 34(11):1328-1341.
[16] ZHANG Yi-chi, WANG Ling-feng, SUN Wei-qing, et al. Distributed intrusion detection system in a multi-layer network architecture of smart grids[J] . IEEE Trans on Smart Grid, 2011, 2(4):796-808.
收稿日期 2014/3/31
修回日期 2014/5/26
页码 1138-1140
中图分类号 TP393.08
文献标志码 A