科技通报
BULLETIN OF SCIENCE AND TECHNOLOGY
2014, Issue 2, pp. 127-129 (3 pages)
Keywords: communication traces; network danger; partition
Current network attack detection methods do not fully consider the direct connections between attacks and pay too little attention to the intrinsic direct correlation among them, so the accuracy of attack classification and network threat partitioning is low. To solve this problem, a network threat partitioning method based on communication traces is proposed. By extracting the principal component features intrinsic to network threats, the method constructs the communication trace left by the previous attack and partitions the current attack according to feedback from that trace, ensuring that attacks within the same partition have similar features and laying the foundation for later construction of an attack graph. Computer simulation experiments show that the method effectively addresses the lack of correlation in network threat detection and improves intrusion detection accuracy.