Towards probabilistic identification of zero-day attack paths

机译：走向零日攻击路径的概率识别

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Zero-day attacks continue to challenge the enterprise network security defense. A zero-day attack path is formed when a multi-step attack contains one or more zero-day exploits. Detecting zero-day attack paths in time could enable early disclosure of zero-day threats. In this paper, we propose a probabilistic approach to identify zero-day attack paths and implement a prototype system named ZePro. An object instance graph is first built from system calls to capture the intrusion propagation. To further reveal the zero-day attack paths hiding in the instance graph, our system constructs an instance-graph-based Bayesian network. By leveraging intrusion evidence, the Bayesian network can quantitatively compute the probabilities of object instances being infected. The object instances with high infection probabilities reveal themselves and form the zero-day attack paths. The experiment results show that our system can effectively identify zero-day attack paths.

机译：零时差攻击继续挑战企业网络安全防御。当多步骤攻击包含一个或多个零时差攻击时，便形成零时差攻击路径。及时发现零日攻击路径可以使早期发现零日威胁成为可能。在本文中，我们提出了一种概率方法来识别零日攻击路径并实现一个名为ZePro的原型系统。首先从系统调用中构建对象实例图，以捕获入侵传播。为了进一步揭示隐藏在实例图中的零日攻击路径，我们的系统构建了一个基于实例图的贝叶斯网络。通过利用入侵证据，贝叶斯网络可以定量计算被感染对象实例的概率。具有高感染概率的对象实例会自我展示，并形成零日攻击路径。实验结果表明，我们的系统可以有效地识别零日攻击路径。

著录项

来源
《IEEE Conference on Communications and Network Security》|2016年|64-72|共9页
会议地点
作者
Xiaoyan Sun; Jun Dai; Peng Liu; Anoop Singhal; John Yen;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Security; Bayes methods; Probabilistic logic; Communication networks; Sockets; Conferences; Feature extraction;

机译：安全性;贝叶斯方法;概率逻辑;通信网络;套接字;会议;特征提取;

相似文献

外文文献
中文文献
专利

1. Network Attack Surface: Lifting the Concept of Attack Surface to the Network Level for Evaluating Networks’ Resilience Against Zero-Day Attacks [J] . Zhang Mengyuan, Wang Lingyu, Jajodia Sushil, IEEE transactions on dependable and secure computing . 2021,第1期

机译：网络攻击表面：将攻击面的概念提升到网络水平，以评估网络对零攻击的恢复力
2. FOUR ZERO-DAY EXPLOITS USED TO ATTACK MICROSOFT EXCHANGE SERVER [J] . Sam Varghese Exchange . 2021,第Mara3期

机译：用于攻击Microsoft Exchange Server的四个零日漏洞
3. FGMC-HADS: Fuzzy Gaussian mixture-based correntropy models for detecting zero-day attacks from linux systems [J] . Waqas Haider, Nour Moustafa, Marwa Keshk, Computers & Security . 2020,第Sepa期

机译：FGMC - HATS：基于模糊的高斯混合的矫正模型，用于检测Linux系统的零日攻击
4. Towards probabilistic identification of zero-day attack paths [C] . Xiaoyan Sun, Jun Dai, Peng Liu, IEEE Conference on Communications and Network Security . 2016

机译：朝向零日攻击路径的概率识别
5. Zero-day Attack Identification in Streaming Data: Nearest Neighbor Heuristics and Dynamic Semantic Network Generation in the Spark Eco-system [D] . Pallaprolu, Sai Chaithanya. 2017

机译：流数据中的零日攻击识别：Spark生态系统中的最近邻居启发式算法和动态语义网络生成
6. The Pitfalls in the Path of Probabilistic Inference in Forensic Entomology: A Review [O] . Gaétan Moreau 2021

机译：法医昆虫学概率推断路径中的陷阱：综述
7. A Novel Supervised Algorithm for Network Intrusion Detection with the Ability of Zero-day Attacks Identification [O] . S. VahidFarrahi, Mahsa Kamali Sarvestani, Marzieh Ahmadzadeh 2015

机译：一种新的网络入侵检测算法，零天攻击识别能力

Towards probabilistic identification of zero-day attack paths

摘要

著录项

相似文献

相关主题

期刊订阅