判决PN机理论及其在入侵检测中的应用

论文针对攻击行为的知识表示和智能分析展开研究,利用Petri网理论和人工智能技术,建立适合攻击行为分析与检测的理论和方法。提出一类Petri网子类型判决PN机和着色判决PN机作为攻击行为的描述模型,利用其运行机制检测攻击,并使用着色判决PN机的有色合成解决模式关联的问题,同时

Theory of Judgment PN Machine and Its Application to Intrusion Detection (Abstract of the Ph. D. Dissertation)

In this paper,knowledge representation and intelligent analysis for attacks are investigated.We put forward the theory and effective methods for the analysis and detection of attacks by Petri Net and artificial intelligence.Firstly,judgment PN machine and colored judgment PN machine are proposed which can be used to model attacks,and their running mechanisms can be used to detect the intrusion. Secondly,the problem of associated relation of models is solved by colored synthesis processes of colored judgment PN machine,and the knowledge database of IDS is updated and expanded through inductive learning.Finally,the theory of judgment PN machine is applied successfully to the Railway Ticket and Reservation Network Security System.Concretely,the following aspects are investigated deeply in this paper.1) It is shown that not all of PN machines can model attacks.For a PN machine fit for modeling attacks,there is only one transition in the PN machine pattern matching the event if it can match for the given event in current situation,otherwise it will be error.For this,two new types of PN machines fit for modeling cyber attacks,judgment PN machine and colored judgment PN machine,are proposed.The synthesis process is used to associate and simplify models,but since traditional synthesis processes such as synchronous and sharing processes can not preserve the ability of original models,the simultaneity synthesis process and the colored synthesis process are given.At the same time,it is proved that their behavior relations can keep the detection ability of original models,so they can be used to associate the attack models.