
An Information Security Threat Warning Method Based on Immunology (一种基于免疫学的信息安全威胁预警方法)

Abstract (translated from the Chinese): To improve the accuracy of information security threat warning and the speed of incident response, this paper proposes an information security threat warning method that imitates the organization, structure and functions of the biological immune system and its mechanism of recognizing self and excluding non-self. First, intrusion detection nodes are deployed and association rules are set. Next, the normal behaviour trajectory of the information system is characterized, data flow areas and path rules are set, and algorithms such as Markov chains and finite state automata are used to set spatio-temporal rules for data flows. Then, warning attack vectors are set around asset vulnerabilities and the meso-level situation. When an intrusion matches a configured rule, the threat is promptly warned of or handled. Practice shows that the method effectively reduces dependence on staff skill, improves the incident response speed of staff, and has some value for wider adoption.
An information security threat warning method based on immunology
English abstract: In order to improve the accuracy of information security threat warning and the speed of incident response, an information security threat warning method is proposed that simulates the organization, structure and function of the biological immune system and its mechanism of identifying self and excluding non-self. Firstly, the intrusion detection nodes are deployed and the association rules are set. Then, the information system's normal behaviour trajectory is described, the data flow areas and path rules are set, and Markov chains, finite state automata and other algorithms are used to set the data flow space-time rules. Then, the early warning attack vectors are set up around the asset vulnerabilities and the meso-level situation. If an intrusion matches the configured rules, the system alerts on or handles the threat in time. Practice shows that this method can effectively reduce the skill dependence of personnel and improve the incident response speed of personnel, which has a certain popularization value.
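As an added illustration (not code from the paper), the path-rule and space-time-rule layer described in the abstract: an assumed zone topology acts as the finite state automaton of permitted data-flow paths, a Markov chain learned from constructed "normal" traces supplies transition probabilities, and a transition is reported as non-self when it is forbidden by the automaton, falls outside its allowed hour window, or is rarer than a threshold.

```python
from collections import Counter, defaultdict

# Allowed data-flow path rules between zones, as a finite state automaton (assumed topology).
ALLOWED = {
    "internet": {"dmz_web"},
    "dmz_web": {"app"},
    "app": {"db", "dmz_web", "backup"},
    "db": {"app"},
    "backup": {"app"},
}
# Space-time rule: the listed transitions are only allowed inside the hour window [start, end).
TIME_WINDOW = {("app", "backup"): (1, 5)}

# Constructed normal traces of (hour, zone) events, used to learn the Markov chain.
NORMAL_TRACES = [
    [(9, "internet"), (9, "dmz_web"), (9, "app"), (9, "db"), (9, "app"), (9, "dmz_web")],
    [(14, "internet"), (14, "dmz_web"), (14, "app"), (14, "dmz_web")],
    [(11, "internet"), (11, "dmz_web"), (11, "app"), (11, "db"), (11, "app"), (11, "db"),
     (11, "app"), (11, "dmz_web")],
    [(2, "internet"), (2, "dmz_web"), (2, "app"), (2, "backup"), (2, "app"), (2, "dmz_web")],
]

def train_markov(traces):
    """Estimate P(next zone | current zone) from the normal traces."""
    counts = defaultdict(Counter)
    for trace in traces:
        zones = [zone for _, zone in trace]
        for a, b in zip(zones, zones[1:]):
            counts[a][b] += 1
    return {a: {b: n / sum(c.values()) for b, n in c.items()} for a, c in counts.items()}

def check_flow(trace, model, min_prob=0.1):
    """Return (index, from_zone, to_zone, reason) for every transition judged non-self."""
    alerts = []
    for i, ((_, a), (hour, b)) in enumerate(zip(trace, trace[1:])):
        if b not in ALLOWED.get(a, set()):          # path rule (automaton) violated
            alerts.append((i, a, b, "path_violation"))
            continue
        start, end = TIME_WINDOW.get((a, b), (0, 24))
        if not start <= hour < end:                  # time rule violated
            alerts.append((i, a, b, "time_violation"))
        elif model.get(a, {}).get(b, 0.0) < min_prob:  # allowed but statistically unusual
            alerts.append((i, a, b, "rare_transition"))
    return alerts

MODEL = train_markov(NORMAL_TRACES)

if __name__ == "__main__":
    suspicious = [(3, "internet"), (3, "dmz_web"), (3, "db"), (3, "app"), (13, "backup")]
    for alert in check_flow(suspicious, MODEL):
        print(alert)
```

Raising `min_prob` makes the statistical rule stricter; with `min_prob=0.2` the single backup trace in the training set is itself flagged as a rare transition, which is the trade-off between warning sensitivity and false positives that a threshold like this controls.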

Keywords: biological immune system; information security threat warning; rules; Markov chain; finite state automaton

李茹、杨慧锋、翟书颖


School of Information Engineering, Xi'an Mingde Institute of Technology, Xi'an 710124

Chang'an Bank Co., Ltd., Xi'an 710075

Keywords (Chinese, translated): biological immune system; information security threat warning; rules; Markov chain; finite state automaton

Funding (funder and grant number):
- Xi'an Mingde Institute of Technology Research Fund Project, 2022XY01L02
- Xi'an Mingde Institute of Technology Research Fund Project, 2021-XY01L02
- Shaanxi Provincial Department of Education Special Research Plan Project, 21JK-0813
- National Natural Science Foundation of China General Program, 61671379

Year: 2024

Journal: 信息技术 (Information Technology)
Sponsors: Heilongjiang Information Technology Society; China Center for Information Industry Development; Electronic Information Center of the Ministry of Information Industry of China


Indexed in: CSTPCD
Impact factor: 0.413
ISSN: 1009-2552
Year, volume (issue): 2024, (9)