Title

Back-Propagation Neural Network Software Discrimination Model (倒傳遞類神經軟體判別模式)

Parallel Title

Process Oriented Event Graph by the Back-Propagation Learning Algorithm

DOI

10.30167/JOIT.201012.0021

Authors

邱天嵩 (Tien-Sung Chio); 林淑民 (Shu-Min Lin)

Keywords

Alert Correlation; Event Graph; Attack Graph; Back-Propagation Neural Network; Intelligent

Journal

亞東學報

Issue / Publication Date

Issue 30 (2010/12/01)

Pages

167 - 184

Language of Content

Traditional Chinese

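Chinese Abstract

With the spread of network infrastructure in the 1990s, building attack graphs from system and network vulnerabilities in order to construct security incident scenarios has been widely adopted in recent research, and most contributions focus on the computational efficiency of event graphs. This paper points out that many present-day intrusions carried out through legitimate programs cannot be represented in an attack graph, so an event relationship graph built from the attack graph cannot be accurate. On this basis, this study instead builds the event graph from software-oriented events, which avoids the many missing links found in attack-graph-based event correlation. In addition, this study establishes a back-propagation neural network software discrimination model to assist in judging unknown software events.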

English Abstract

With network infrastructure being widely built in the 1990s, utilizing attack graphs derived from system/network exploits to generate the event graph for security scenario construction has been widely adopted by modern research. The contribution concentrates more on the efficiency of computing event graphs. This study intends to address the inconvenience of having an attack graph and the inaccuracy of constructing the event graph thereafter. We propose correlating the events directly to form the event graph without an attack graph, and acquiring a BP (Back-Propagation) neural network model to assist in determining the uncertain events. The other key improvement is to focus more on software-oriented events, in contrast to the network-oriented events of the related work. This significantly reduces the missing events associated with the attack-graph-based approach. On the whole, the proposed mechanism can improve the accuracy of the event graph and is able to construct a more complete security scenario.

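Subject Classification

Humanities > General Humanities
Humanities > Chinese Literature
Basic and Applied Sciences > General Basic and Applied Sciences
Medicine and Health > General Medicine and Health
Engineering > General Engineering
Social Sciences > General Social Sciences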