| With the scale of network and the complex of intrusion, as well as the issue of network security, the firewall-based protection measures are increasingly powerless, the proactive protection technology which mainly in intrusion detection became the main direction of research. The premise that for efficient network detection against attack and intrusion is to build a good threat model and the corresponding detection model. Research in this area is still immature. For this issue a more in-depth study as follows.Firstly in this paper, the concept of network threats, classification, threat detection technology, and generic model are introduced. Based on the study of domestic and foreign network threat detection model, the attack tree model has been improved. Combination of characteristics and process of network attacks, behavior sequence-based threat detection model is proposed, and we detail the structure and working process of the model, after that,combined with behavior sequence model works,the password theft model that based on the model is given.Secondly, with behavior sequence analysis, the specific design of threat model is detailed. Through the research of basic idea of Bayesian networks, we design the specific structure of the behavior sequence node, combined with anomaly detection techniques and probability statistical method, we detail the detect process of the model.Finally, with DARPA data sets, the simulation of threat detection model and the experiment results are given. Experimental results show that the behavior sequence model can detect the threats and provide a theoretical support for the establishment of intrusion detection system. |
PDF Full Text Request