Application Research of Computers (《计算机应用研究》)

Attacker portrait construction based on big data and graph community clustering algorithms

Authors: Huang Zhihong, Zhang Bo
Affiliation: a. Modern Education & Technology Center; b. Network Security Emergency Response Center, South China Agricultural University, Guangzhou 510642, China
Article number: 1001-3695(2021)01-046-0232-05
DOI: 10.19734/j.issn.1001-3695.2019.09.0621
Abstract: To quickly and accurately identify real attack events among massive, multi-source, heterogeneous network-threat intrusion logs, discover the attackers behind them and build their characteristic portraits, this paper proposes an attacker-portrait construction method based on big data stream parsing and the Louvain community detection algorithm (BDSAL). A paradigm model of security events is defined according to the Common Attack Pattern Enumeration and Classification (CAPEC) standard, and a big data streaming message queue is used to normalise multi-source heterogeneous logs into paradigm security events at high throughput. The features of the security events are extracted and expanded to generate an event feature graph, which is clustered with the community detection algorithm according to spatio-temporal and attack-pattern features in order to discover attackers. Finally, the feasibility and effectiveness of the method are validated on real attack-and-defence data from the laboratory.
Keywords: big data; network threats; feature graph clustering; community detection; attacker discovery; attacker portrait
Funding: 2018 Ministry of Education Industry-University Cooperative Education Project (201802076025)
URL: http://www.arocmag.com/article/01-2021-01-046.html
English abstract (as published): In order to quickly and accurately identify real attack events in massive, multi-source and heterogeneous network threat intrusion logs, discover attackers and construct their characteristic portraits, this paper proposes a method to construct attacker portraits based on BDSAL. It defines a paradigm model of security events according to CAPEC and rapidly normalises multi-source heterogeneous logs into paradigm-based security events by means of a big data streaming message queue. By extracting and expanding the features of security events, it generates event feature graphs. According to spatio-temporal and attack-pattern characteristics, it uses the community detection algorithm to cluster the feature graphs and find the attackers. Finally, it verifies the feasibility and validity of the proposed method on real attack and defence data from the laboratory.
Received: 2019/9/18
Revised: 2019/11/2
Pages: 232-236
CLC number: TP309
Document code: A
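Added example, in Python, of the pipeline the abstract describes; this is not the paper's code. Three constructed log sources (a WAF, an IDS and sshd) are normalised into a CAPEC-tagged paradigm event, the events become nodes of a weighted feature graph whose edges encode a shared source address, a shared attack pattern and temporal proximity, the graph is clustered with the local-moving phase of Louvain (a single level, without the graph-aggregation passes of the full algorithm), and each community is summarised as an attacker portrait. The log formats, field names, edge weights, the 600 s window and the rule-to-CAPEC mapping are assumptions for illustration, and an in-memory list stands in for the streaming message queue.

```python
"""Added example (not the paper's code): CAPEC-tagged event normalisation,
event feature graph, Louvain local moving, attacker portraits.
All formats, weights and CAPEC assignments below are illustrative assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample log lines, one format per sensor (not real logs).
RAW_LOGS = [
    "waf 2019-09-18T10:01:40Z src=10.0.0.5 dst=192.168.1.10 rule=sqli uri=/login",
    'ids 2019-09-18T10:02:10Z 10.0.0.5 -> 192.168.1.10 alert "SQL Injection Attempt"',
    "waf 2019-09-18T10:06:40Z src=10.0.0.5 dst=192.168.1.10 rule=xss uri=/search",
    "waf 2019-09-18T10:11:40Z src=10.0.0.5 dst=192.168.1.11 rule=traversal uri=/../../etc/passwd",
    "sshd 2019-09-18T10:02:30Z host=192.168.1.20 Failed password for root from 10.0.0.7 port 52211",
    "sshd 2019-09-18T10:03:20Z host=192.168.1.20 Failed password for admin from 10.0.0.7 port 52240",
    "sshd 2019-09-18T11:23:20Z host=192.168.1.20 Failed password for root from 10.0.0.9 port 40120",
]

# Assumed rule -> CAPEC mapping (the paper's paradigm model keys events on CAPEC).
CAPEC = {"sqli": "CAPEC-66", "xss": "CAPEC-63", "traversal": "CAPEC-126", "bruteforce": "CAPEC-49"}
IDS_ALERT_TO_RULE = {"SQL Injection Attempt": "sqli"}

WAF_RE = re.compile(r"^waf (\S+) src=(\S+) dst=(\S+) rule=(\S+)")
IDS_RE = re.compile(r'^ids (\S+) (\S+) -> (\S+) alert "([^"]+)"')
SSH_RE = re.compile(r"^sshd (\S+) host=(\S+) Failed password for \S+ from (\S+)")
# (source name, regex, groups -> (timestamp, src, dst, rule))
PARSERS = [
    ("waf", WAF_RE, lambda g: (g[0], g[1], g[2], g[3])),
    ("ids", IDS_RE, lambda g: (g[0], g[1], g[2], IDS_ALERT_TO_RULE.get(g[3]))),
    ("sshd", SSH_RE, lambda g: (g[0], g[2], g[1], "bruteforce")),
]

def to_epoch(ts):
    return int(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp())

def normalise(line):
    """Map one raw line to a paradigm event dict; None if unrecognised or unmapped."""
    for source, regex, fields in PARSERS:
        m = regex.match(line)
        if not m:
            continue
        ts, src, dst, rule = fields(m.groups())
        if rule not in CAPEC:
            return None
        return {"time": to_epoch(ts), "src": src, "dst": dst, "pattern": CAPEC[rule], "source": source}
    return None

W_SRC, W_PATTERN, W_TIME, WINDOW = 3, 1, 1, 600  # assumed feature weights / window (s)

def build_feature_graph(events):
    """Weighted undirected graph: events are nodes, each shared feature adds edge weight."""
    adj = {i: {} for i in range(len(events))}
    for i, a in enumerate(events):
        for j in range(i + 1, len(events)):
            b = events[j]
            w = (W_SRC * (a["src"] == b["src"]) + W_PATTERN * (a["pattern"] == b["pattern"])
                 + W_TIME * (abs(a["time"] - b["time"]) <= WINDOW))
            if w:
                adj[i][j] = adj[j][i] = w
    return adj

def louvain_local_moving(adj):
    """Phase 1 of Louvain: move each node to the neighbouring community with the
    largest modularity gain, repeating until no move improves modularity."""
    m = sum(sum(nb.values()) for nb in adj.values()) / 2  # total edge weight
    degree = {u: sum(nb.values()) for u, nb in adj.items()}
    comm = {u: u for u in adj}
    tot = dict(degree)  # sum of degrees per community
    improved = m > 0
    while improved:
        improved = False
        for u in adj:
            cur = comm[u]
            tot[cur] -= degree[u]  # take u out of its community
            links = defaultdict(float)  # weight from u into each neighbouring community
            for v, w in adj[u].items():
                links[comm[v]] += w
            # gain, up to a constant factor: k_in - tot_C * k_u / (2m)
            best, best_gain = cur, links[cur] - tot[cur] * degree[u] / (2 * m)
            for c, k_in in links.items():
                gain = k_in - tot[c] * degree[u] / (2 * m)
                if gain > best_gain + 1e-9:
                    best, best_gain = c, gain
            tot[best] += degree[u]
            if best != cur:
                comm[u], improved = best, True
    return comm

def attacker_portraits(events, comm):
    """Summarise each community as a portrait, ordered by first activity."""
    groups = defaultdict(list)
    for i, c in comm.items():
        groups[c].append(events[i])
    portraits = [{
        "src_ips": sorted({e["src"] for e in evs}), "targets": sorted({e["dst"] for e in evs}),
        "patterns": sorted({e["pattern"] for e in evs}), "sources": sorted({e["source"] for e in evs}),
        "first_seen": min(e["time"] for e in evs), "last_seen": max(e["time"] for e in evs),
        "events": len(evs)} for evs in groups.values()]
    return sorted(portraits, key=lambda p: p["first_seen"])

def build_portraits(lines):
    events = [e for e in map(normalise, lines) if e]
    return attacker_portraits(events, louvain_local_moving(build_feature_graph(events)))

if __name__ == "__main__":
    for p in build_portraits(RAW_LOGS):
        print(p)
```

On this input the four web events from 10.0.0.5, seen by two different sensors, form one community, and the three sshd failures form another. Note that the lone 11:23 failure from 10.0.0.9 is pulled into the brute-force community purely on its shared attack pattern, since that is its only edge; with W_PATTERN set to 0 it has no edges at all and stays a singleton. The weight given to each feature therefore decides whether one shared attribute is enough to attribute an event to an attacker, and is the parameter to tune against known ground truth before trusting the portraits.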