Coordinated Detection Model Based On Entity Behavior For Application Protection

Posted on: 2015-05-05
Degree: Master
Type: Thesis
Country: China
Candidate: X A Yang
Full Text: PDF
GTID: 2298330422470758
Subject: Computer software and theory

Abstract/Summary:
As mobile networks, sensor networks, networking and various information processing terminals merge into the Internet environment, new mission-critical applications have emerged that demand high security and survivability, such as electronic payment systems, traffic control systems, SCADA (Supervisory Control and Data Acquisition) and so on. Such applications are exposed to the open Internet environment and carry a large volume of monetary transactions and exchanges of confidential information, so they are easily attacked and damaged. Currently the security of such systems relies mainly on single-point detection and prevention, which protects the system to some extent. However, because single-point detection systems lack information exchange and integration with one another, this approach easily leads to serious limitations in information sources, detection mechanisms, false-positive rate and false-negative rate. Given the above, collaborative detection and defense technology for application systems has become a hot research issue. Based on research at home and abroad, we further study multi-point detection technology with a coordination mechanism.

First of all, entity behavior characteristics and operation sequences are introduced into coordination analysis. A defined binary-feature description of entity behavior characteristics and operation sequences is given, which overcomes the shortcoming of traditional models that detect in a single way. The thesis calculates the collaborative detection threshold and gives collaborative detection algorithms based on the multi-dimensional cooperation mechanism of characteristic patterns and operation sequences.

Secondly, a hierarchical structure for multi-point coordinated detection is proposed, which overcomes the shortcoming of traditional models that lack good capacity for detecting suspicious behavior. The structure solves the low-accuracy problem of traditional models by combining characteristic coordination detection with operation sequence coordination detection. It can effectively improve the accuracy of detecting coordinated attacks through information gathering, information synergy analysis of behavioral characteristics and operation sequences on the management domain collaboration layer, and distribution of protection rules on the global analysis control layer.

Finally, we compare and analyze the experimental results of the proposed coordinated detection algorithms against other algorithms, and outline prospects for future research.
Keywords/Search Tags: coordinated detection, entity behavior, similarity, behavior characteristic, operation sequence