期刊
MATHEMATICS
卷 11, 期 8, 页码 -出版社
MDPI
DOI: 10.3390/math11081897
关键词
SDN; network attack; scenario reconfiguration; probabilistic model; topology reconfiguration model
类别
In recent years, various network attacks have increased, while their details and characteristics are often recorded in Pcap data. Analyzing these details solely through traditional methods is not effective, hence the importance of restoring network attack scenarios through scene reconstruction for detecting and defending against network attacks. This paper proposes an SDN-based network attack scenario recovery method that can regenerate network traffic data by parsing Pcap data and utilizing network topology reconstruction, probability, and packet sequence models. Experimental results show a higher similarity between the reconstructed and actual attack scenarios, providing network defenders with a better understanding of the attackers' posture and enabling them to formulate appropriate security strategies.
In recent years, various network attacks have emerged. These attacks are often recorded in the form of Pcap data, which contains many attack details and characteristics that cannot be analyzed through traditional methods alone. Therefore, restoring the network attack scenario through scene reconstruction to achieve data regeneration has become an important entry point for detecting and defending against network attacks. However, current network attack scenarios mainly reproduce the attacker's attack steps by building a sequence collection of attack scenarios, constructing an attack behavior diagram, or simply replaying the captured network traffic. These methods still have shortcomings in terms of traffic regeneration. To address this limitation, this paper proposes an SDN-based network attack scenario recovery method. By parsing Pcap data and utilizing network topology reconstruction, probability, and packet sequence models, network traffic data can be regenerated. The experimental results show that the proposed method is closer to the real network, with a higher similarity between the reconstructed and actual attack scenarios. Additionally, this method allows for adjusting the intensity of the network attack and the generated topology nodes, which helps network defenders better understand the attackers' posture and analyze and formulate corresponding security strategies.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据