An information security threat warning method based on immunology (一种基于免疫学的信息安全威胁预警方法)
Li Ru (李茹) 1, Yang Huifeng (杨慧锋) 2, Zhai Shuying (翟书颖) 1
Author information
- 1. School of Information Engineering, Xi'an Mingde Institute of Technology (西安明德理工学院信息工程学院), Xi'an 710124
- 2. Chang'an Bank Co., Ltd. (长安银行股份有限公司), Xi'an 710075
Abstract (translated from the Chinese)
To improve the accuracy of information security threat warning and the speed of incident response, this paper proposes an information security threat warning method that imitates the organization, structure and function of the biological immune system and its mechanism of recognizing self and excluding non-self. First, intrusion detection nodes are deployed and association rules are set. Next, the normal behaviour trajectory of the information system is characterized, data-flow zones and path rules are set, and algorithms such as Markov chains and finite state automata are used to set spatiotemporal rules for data flow. Then, warning attack vectors are set around asset vulnerabilities and the meso-level situational picture. When an intrusion matches a configured rule, the threat is promptly warned of or handled. Practice shows that the method effectively reduces reliance on personnel skill and improves personnel incident response speed, and so has some value for wider adoption.
Abstract (authors' English version)
In order to improve the accuracy of information security threat warning and the speed of event response, an information security threat warning method is proposed to simulate the organization, structure and function of biological immune system and identify and exclude non-self mechanism. Firstly, the intrusion detection node is deployed and the association rules are set. Then, the information system's normal behavior trajectory is described, the data flow area and path rules are set, and Markov chain, finite state automata and other algorithms are used to set the data flow space-time rules. Then, the early warning attack vector is set up around the asset vulnerability and the mid-view situation. If the intrusion matches the configured rules, the system timely alerts or handles threats. The practice shows that this method can effectively reduce the skill dependence of personnel and improve the incident response speed of personnel, which has a certain popularization value.
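The abstract describes encoding data-flow path rules as a finite state automaton and spatiotemporal rules as a Markov chain learned from the system's normal behaviour trajectory, then warning when a trace violates them. The following is an added illustration of that combination, not code from the paper; the zone names, baseline traces, probability threshold and hop-time limit are all constructed assumptions.

```python
from collections import defaultdict

# Constructed baseline of normal data-flow traces (assumed zone names): the
# sequence of zones a record passes through, i.e. the "normal behaviour trajectory".
BASELINE = [
    ["web", "app", "db"], ["web", "app", "db"], ["web", "app", "cache", "db"],
    ["vpn", "app", "db"], ["web", "app", "cache"], ["vpn", "app", "backup"],
]
# Path rule as a finite state automaton: permitted zone-to-zone transitions (assumed).
ALLOWED = {"web": {"app"}, "vpn": {"app"}, "app": {"db", "cache", "backup"},
           "cache": {"db"}, "db": set(), "backup": set()}
ENTRY = {"web", "vpn"}          # permitted start states of the automaton

def train_markov(traces):
    """First-order Markov chain: P(next zone | current zone) estimated from baseline traces."""
    counts = defaultdict(lambda: defaultdict(int))
    for t in traces:
        for a, b in zip(t, t[1:]):
            counts[a][b] += 1
    return {a: {b: n / sum(nxt.values()) for b, n in nxt.items()}
            for a, nxt in counts.items()}

def check_trace(zones, probs, times=None, threshold=0.2, max_gap=60):
    """Return (index, reason) warnings: FSA violations, rare Markov transitions,
    and, when timestamps are supplied, hops slower than max_gap seconds."""
    warnings = []
    if zones[0] not in ENTRY:
        warnings.append((0, f"entry zone {zones[0]} not permitted"))
    for i, (a, b) in enumerate(zip(zones, zones[1:]), start=1):
        if b not in ALLOWED.get(a, set()):
            warnings.append((i, f"path rule violated: {a}->{b}"))
            continue                  # a forbidden hop has no learned probability
        p = probs.get(a, {}).get(b, 0.0)
        if p < threshold:
            warnings.append((i, f"rare transition {a}->{b} (p={p:.2f})"))
        if times is not None and times[i] - times[i - 1] > max_gap:
            warnings.append((i, f"hop {a}->{b} took {times[i] - times[i - 1]}s"))
    return warnings

if __name__ == "__main__":
    model = train_markov(BASELINE)
    for trace in (["web", "app", "db"], ["db", "app", "web"], ["vpn", "app", "backup"]):
        print(trace, check_trace(trace, model))
```

The FSA catches flows that the path rules forbid outright, while the Markov threshold flags permitted but unusual hops, which is the distinction between a hard rule match and a deviation from the normal trajectory.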
Keywords
biological immune system / information security threat warning / rules / Markov chain / finite state automaton
Funding
Xi'an Mingde Institute of Technology Research Fund Project (2022XY01L02)
Xi'an Mingde Institute of Technology Research Fund Project (2021-XY01L02)
Special Scientific Research Program of the Shaanxi Provincial Department of Education (21JK-0813)
National Natural Science Foundation of China General Program (61671379)
Year of publication
2024