• Official journal of the China Computer Federation
  • China Science and Technology Core Journal
  • Chinese Core Journal

J4 ›› 2008, Vol. 30 ›› Issue (2): 28-33.


Attack Scenario Construction Based on Colored Petri Nets

王彤彤[1] 吕志军[2] 王航[1]   

  • Publication date: 2008-02-01 Release date: 2010-05-19

  • Online:2008-02-01 Published:2010-05-19

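Abstract:

Traditional intrusion detection systems provide only large volumes of independent, raw attack alerts, which makes it hard for users and intrusion response systems to respond to attacks promptly; there is an urgent need to build high-level attack scenarios from low-level alert information. This paper proposes a method that uses colored Petri net theory to construct attack scenarios dynamically and in real time. The method first describes attack scenarios with colored Petri nets, then uses the ratio of the extended incidence matrix to quickly match and construct the attack scenario corresponding to an attack. Based on the sub-attack-scenario nets already constructed, it verifies and checks for missed attacks and predicts the next likely attack. At the same time, it constructs new attack scenario patterns by merging sub-attack scenarios.

Keywords: intrusion detection, scenario, correlation, colored Petri net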

Abstract:

Traditional intrusion detection systems only provide a great amount of independent and original attack alarm information, which does not help the users and IDSs to respond to the attacks in time. So the lower-level alarm information is needed to build a higher-level attack scenario. The paper proposes a method of dynamically building a real-time attack scenario using the colored Petri nets principle. The method first uses colored Petri nets to describe the attack scenario, then matches and builds the corresponding attack scenario with the ratio of the expanded association matrix, verifies and checks the omitted attacks, and predicts the next possible attack according to the built sub-attack scenario network; meanwhile, it builds a new attack scenario mode by merging sub-attack scenarios.

Key words: intrusion detection, scenario, association, colored Petri net