2022, 08, v.52 1330-1337
Design of a Network Threat Behavior Detection System Based on a Knowledge Graph
Foundation: National Natural Science Foundation of China (61872069)
Release date: 2022-06-09
Publication date: 2022-06-09
Online publication date: 2022-06-09
Abstract:

With increasingly rampant cyberattacks, network infrastructure and important information systems face severe security challenges. Traditional network threat detection systems can only detect known security threats and cannot detect unknown, complex threat behaviors; they also suffer from low detection speed and high resource consumption. Therefore, based on a knowledge graph and the graph database Neo4j, a network threat behavior detection system is designed and implemented that can dynamically identify and learn new types of attacks. In this system, the knowledge graph and Neo4j are used to describe network threat behaviors, and a self-learning method is adopted to dynamically update the threat knowledge graph, so as to cope with increasingly complex network attacks and improve the efficiency and accuracy of network intrusion detection. A platform architecture based on Flume + Kafka + Storm is used to process network threat behavior data, which improves traversal search speed among the nodes of the knowledge graph and speeds up threat identification. The system addresses the difficulty that traditional intrusion detection methods have in detecting unknown and complex network threats, improves the speed of network threat detection, and offers strong practicability and scalability.

Basic information:

CLC number: TP393.08; TP391.1

Citation:

[1] SHOU Zeng, DI Yuebin, MA Xiao, et al. Design of a Network Threat Behavior Detection System Based on a Knowledge Graph [J]. 无线电工程 (Radio Engineering), 2022, 52(08): 1330-1337.

Funding:

National Natural Science Foundation of China (61872069)