
J4, 2006, Vol. 28, Issue 10: 16-19.


Research on Mining Multi-Stage Network Attack Patterns

汪生, 孙乐昌, 阎飞

  • Publication date: 2006-10-01 Release date: 2010-05-20



Abstract:

In this paper we propose a model that mines statistical attack signature profiles by reverse backtracking from the attack consequences, based on an analysis of the multi-stage characteristics of sophisticated network attack behaviours. The model takes the anomalous network traffic collected by the network management system as its data source, employs the Granger causality test as its exploratory tool to extract the associations among the various attack stages, and yields several attack profiles with high confidence. Finally, experiments with five DDoS tools are conducted, and the results verify the effectiveness of our work.

Key words: multi-stage network attack, attack profile, data mining, network security
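The core step of the abstract is a Granger causality test between anomaly series from different attack stages: if the lagged values of an earlier stage's series improve the prediction of a later stage's series, the two stages are associated. The following is an added example, not code from the paper; it implements the classic restricted-versus-unrestricted OLS F-test with numpy only, on two constructed series (a "probe" stage that drives a "flood" stage two intervals later), and tests both directions so that the lack of reverse causality is visible too.

```python
"""Granger causality test between two attack-stage anomaly series (added example).

The series below are constructed for illustration; they are not the paper's data.
"""
import numpy as np


def granger_f(y, x, p):
    """F statistic for H0: the p lags of x add nothing to an AR(p) model of y.

    A large F means x 'Granger-causes' y, i.e. past x helps predict y.
    """
    y, x = np.asarray(y, float), np.asarray(x, float)
    n = len(y)
    target = y[p:]
    own_lags = np.column_stack([y[p - k:n - k] for k in range(1, p + 1)])
    cross_lags = np.column_stack([x[p - k:n - k] for k in range(1, p + 1)])
    ones = np.ones((n - p, 1))
    restricted = np.hstack([ones, own_lags])
    unrestricted = np.hstack([ones, own_lags, cross_lags])

    def rss(design):
        beta = np.linalg.lstsq(design, target, rcond=None)[0]
        return float(np.sum((target - design @ beta) ** 2))

    rss_r, rss_u = rss(restricted), rss(unrestricted)
    df_resid = (n - p) - unrestricted.shape[1]
    return ((rss_r - rss_u) / p) / (rss_u / df_resid)


def constructed_stage_series(n=200, seed=7):
    """Constructed data: stage-1 probe anomalies drive stage-2 flood volume two intervals later."""
    rng = np.random.default_rng(seed)
    probe = rng.poisson(3.0, n).astype(float)   # e.g. scan alerts per interval (constructed)
    flood = np.zeros(n)                          # e.g. anomalous packet rate at the victim
    for t in range(2, n):
        flood[t] = 0.4 * flood[t - 1] + 2.0 * probe[t - 2] + rng.normal(0.0, 1.0)
    return probe, flood


def stage_association(p=2):
    """Test both directions; returns (F for probe -> flood, F for flood -> probe)."""
    probe, flood = constructed_stage_series()
    return granger_f(flood, probe, p), granger_f(probe, flood, p)


if __name__ == "__main__":
    fwd, rev = stage_association()
    # Compare each F against an F(p, n - 2p - 1) critical value, e.g. scipy.stats.f.ppf(0.95, p, dof).
    print(f"F(probe -> flood) = {fwd:.1f}, F(flood -> probe) = {rev:.2f}")
```

The lag order p and the stationarity of the anomaly series both affect the test; in practice the lag is chosen from the expected delay between stages and the series are differenced if they trend.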