DOI:10.19850/j.cnki.2096-4706.2023.05.022
CLC number: TP309  Document code: A  Article ID: 2096-4706(2023)05-0094-04
Overview of Malicious Login Attack Detection Method
ZHANG Lei1, ZHANG Hongde1, LI Jinzhen2
(1. School of Communications Noncommissioned Officers, Army Engineering University of PLA, Chongqing 400035, China; 2. 31608 Troops of PLA, Xiamen 361000, China)
Abstract: Malicious login attacks on military computers and servers have become one of the main means by which hostile forces steal important confidential information from our army. Because these attacks are well concealed and highly destructive, they pose a huge threat to the information security of our army. In view of this, this paper surveys the workflow and principles of current malicious login attack detection methods and analyzes the advantages and disadvantages of each method in terms of accuracy, complexity and timeliness. Finally, it proposes that a malicious login attack detection method should be reasonably selected according to the actual task requirements of network security, so as to achieve the best detection effect.
Keywords: malicious login; intrusion detection; threshold
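About the author: ZHANG Lei (born 1985), male, Han ethnicity, from Anshan, Liaoning; postgraduate student; research interests: battlefield information processing and information security protection.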