Research On Key Technologies In Intrusion Detection Of Cyber Espionage

Posted on: 2016-01-18
Degree: Master
Type: Thesis
Country: China
Candidate: X P Fang
GTID: 2298330467491872
Subject: Computer technology
Abstract/Summary:
As networks grow in scale and complexity, more and more terminals can access the Internet, more and more information is stored on it, and people acting as Internet terminals also produce a large amount of information. As information integration develops, offensive and defensive technologies are constantly in play in the cyber world. Any network security event may affect the whole world, especially cyber spying, or cyber espionage. Because information leakage is more likely to trigger a crisis, intrusion detection for network espionage is of great significance.

First, we model all aspects of network espionage attacks. We then abstractly describe network behavior as a quintuple, which provides the starting point for future research. Based on this model we study the behavioral characteristics of network espionage and conclude that every user operation in the network can be characterized by a closely spaced series of packets over a period of time. Each user operation is reflected in the corresponding packet attributes. In the intrusion detection system we therefore implement an analysis technique for the behavioral characteristics of cyber espionage. This technique analyzes the behavioral characteristics of packet clusters by constructing connection tracking tables and packet cluster characteristics tables. In addition, the system operates with the help of keyword-based and port-based fine-grained protocol identification technology, as well as deep identification and judgment of the protocol, to support the subsequent protocol analysis.

Experiments show that the data acquisition subsystem, the data processing subsystem and the audit subsystem work reliably, and that this NIDS is effective for most of the test data. The method also indicates that connection tracking and behavioral characteristics can well distinguish normal behavior from network espionage. This method can serve as a good reference.

Besides, the paper also proposes an optimal attack path game model. Game theory is used in this model to predict the optimal attack path. Based on this, the defender only needs this model to maximize the proceeds on the optimal attack path.
Keywords/Search Tags: Intrusion Detection, Network Behavior, Network Espionage, Active Defense