
Verification Method for the Attack Knowledge Base of a Misuse Detection System Based on a Petri Net Model

A misuse detection and verification technology, applied in the fields of error detection/correction, transmission systems, digital transmission systems, etc., that addresses problems such as missed errors, incomplete inspection, and redundant rules, so as to improve accuracy and resolve low efficiency and missed detection.

Active Publication Date: 2011-04-27
BEIJING INSTITUTE OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

Like dead rules, it also reduces the efficiency of the system
[0026] (2) Rule redundancy
[0041] (1) When the amount of knowledge in the knowledge base is large, the verification workload is large and the efficiency is low;
[0042] (2) It is prone to incomplete inspection and omission of errors


Examples


Embodiment Construction

[0109] According to the above technical solutions, the present invention will be described in detail below in conjunction with the accompanying drawings and embodiments.

[0110] Suppose there are rules in the attack knowledge base of a certain misuse detection system, as shown in Table 1:

[0111] Table 1 A set of detection rules in the attack knowledge base

[0112]

[0113] Step 1: Establish a Petri net model for detection rules

[0114] The attack rules given in Table 1 meet the requirements of the attack knowledge representation form. Following the Petri net model construction method given in step 1 of the summary of the invention, the Petri net model corresponding to the attack rules is shown in Figure 7. The transitions t1 to t15 correspond to rules R1 to R15, and the places correspond to the respective conditions and conclusions.

[0115] Step 2: Generate the reachability graph of the Petri net model of the attack knowledge

[0116] a...


Abstract

The invention relates to a Petri net-based verification method for the attack knowledge base of a misuse detection system, belonging to the technical field of computer applications. The invention establishes a Petri net model of the attack knowledge base, generates the reachability graph of that model, and uses the reachability graph to find the erroneous rules in the attack knowledge base. Because the reachability graph is built by running the Petri net model automatically on a computer, the method effectively solves the low efficiency of manual verification. Moreover, the reachability graph directly reflects all error types, which solves the missed-detection problem of manual verification and improves correctness. The method is suitable for verifying the knowledge base of a misuse detection system.
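The rule-to-transition mapping from Step 1 and the reachability-graph check summarized in the abstract, as an added Python example that is not the patent's own algorithm. The rule set, place names, observable-event marking, the choice that firing keeps condition tokens, and the redundancy criterion are all assumptions made for illustration.

```python
from collections import deque

# Constructed rule base (not the patent's Table 1): rule -> (condition places, conclusion place).
RULES = {
    "R1": ({"syn_flood_seen"}, "dos_suspected"),
    "R2": ({"port_sweep", "failed_logins"}, "recon_suspected"),
    "R3": ({"port_sweep"}, "recon_suspected"),
    "R4": ({"recon_suspected", "dos_suspected"}, "raise_alert"),
    "R5": ({"kernel_audit_flag"}, "raise_alert"),
}
# Assumed initial marking: events the sensors can actually report.
OBSERVABLE = {"syn_flood_seen", "port_sweep", "failed_logins"}

def reachability_graph(rules, initial):
    """Breadth-first construction of the reachability graph.
    A marking is the frozenset of places holding a token; firing a
    transition keeps its condition tokens and marks its conclusion."""
    start = frozenset(initial)
    seen, edges, queue = {start}, [], deque([start])
    while queue:
        m = queue.popleft()
        for name, (conds, concl) in rules.items():
            if conds <= m:                      # transition enabled in m
                nxt = m | {concl}
                edges.append((m, name, nxt))
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return seen, edges

def dead_rules(rules, initial):
    """Rules whose transition labels no edge of the reachability graph."""
    _, edges = reachability_graph(rules, initial)
    fired = {name for _, name, _ in edges}
    return sorted(set(rules) - fired)

def redundant_rules(rules):
    """Rules whose conclusion is already reachable from their own
    conditions using only the other rules."""
    found = []
    for name, (conds, concl) in rules.items():
        others = {n: r for n, r in rules.items() if n != name}
        markings, _ = reachability_graph(others, conds)
        if any(concl in m for m in markings):
            found.append(name)
    return sorted(found)

if __name__ == "__main__":
    print("dead:", dead_rules(RULES, OBSERVABLE))
    print("redundant:", redundant_rules(RULES))
```

In this constructed rule base, R5 is dead because no sensor reports its condition, and R2 is redundant because R3 reaches the same conclusion from a subset of R2's conditions.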

Description

Technical field

[0001] The invention relates to a checking method for an attack knowledge base of a misuse detection system based on a Petri net model, and belongs to the technical field of computer applications.

Background art

[0002] Intrusion detection refers to the identification of any group of activities that attempt to undermine the integrity, confidentiality, and access to resources of a system. By checking operating system audit data or network packet information, an intrusion detection system detects behaviors or activities in the system that violate security policies or endanger system security, and can respond according to the response strategy.

[0003] According to the detection method, intrusion detection technology can be divided into two categories: behavior-based intrusion detection (Behavior-Based ID) and knowledge-based intrusion detection (Knowledge-Based ID).

[0004] Knowledge-based intrusion detection, also known as misuse detection...


Application Information

IPC(8): G06F21/00, G06F11/00, H04L9/00
Inventors: 胡昌振, 危胜军
Owner: BEIJING INSTITUTE OF TECHNOLOGY