最近，Cisco重返網(wǎng)絡(luò)安全的一個標志性收購就是買下了位于捷克的Cognitive Security公司。這家由捷克一所大學(xué)老師創(chuàng)立的startup公司有啥看家的本領(lǐng)呢？呵呵，原來就是DFI，或者說是基于流量的異常檢測技術(shù)。

專注于為中小企業(yè)提供成都網(wǎng)站設(shè)計、網(wǎng)站制作服務(wù),電腦端+手機端+微信端的三站合一,更高效的管理,為中小企業(yè)興國免費做網(wǎng)站提供優(yōu)質(zhì)的服務(wù)。我們立足成都，凝聚了一批互聯(lián)網(wǎng)行業(yè)人才，有力地推動了上千多家企業(yè)的穩(wěn)健成長，幫助中小企業(yè)通過網(wǎng)站建設(shè)實現(xiàn)規(guī)模擴充和轉(zhuǎn)變。

Cognitvie的目標很明確，就是檢測APT，還有0-day***，以及其他多態(tài)惡意代碼。

Cognitive用到了以下基于異常的檢測算法，不是什么新的算法，但是他們做到了實用化。

Cognitive Analyst's products and services utilize a multi-stage detection algorithm to generate a Cognitive Trust Score (CTS), which is effectively a measure of ''Trustfulness' to the data which is being analyzed. Currently eight stages are used to increase the detection and accuracy of threats, and collectively generate an accurate CTS for an analyst to action and subsequently mitigate against an attack. A selection of these algorithms are summarized as follows:

• MINDS algorithm [Ertoz et al, 2004] 【一種基于源/目標分析的***檢測算法】The Minnesota Intrusion Detection System (MINDS) processes data from a number of flows: 1. Data from a single source IP to multiple destinations, 2. flows from multiple sources to a single destination, or 3. a series of flows between a single source to a single destination.
• Xu et al. algorithm [Xu, Zhang et al, 2005] 【一種流量源分類算法】This algorithm serves to classify traffic sources. A normalized entropy is established (i.e. establishing meaningful analysis to the apparent randomness of a data set), determined by applying static classification rules to the established normalized states.
• Volume prediction algorithm [Lakhina et al, 2004] 【流量預(yù)測算法】uses the Principal Components Analysis (PCA) methodology, which is a mathematical procedure used to formulate predictive models. In order to build a model of traffic volumes from individual sources, values are determined based on the number of flows, bytes, and packets generated from each source. The PCA method then identifies the complex relationships between the traffic originating from distinct sources.
• Entropy prediction algorithm [Lakhina et al, 2005]【熵預(yù)測算法】 This algorithm is similar to the PCA-based traffic modeling discussed above, but uses different features than just volume prediction. Entropy prediction aggregates traffic from source IPs, but instead of processing traffic volumes, it predicts the entropy of source and destination ports, and destination IPs.
• TAPS algorithm [Sridharan et al, 2006]【一種流量逐層分析算法】 targets a specific class of attacks by classifying a subset of suspicious traffic sources and characterizing them by three features: 1. the number of destination IP addresses, 2. the number of ports in the set of flows from the source, and 3. the entropy of the flow size. The anomaly of the source is based on the ratios between these values.

其實，對于這類技術(shù)，我已經(jīng)多次提到過了。我們也在這方面做出了很多努力和工作，并且也已經(jīng)用到了我們的產(chǎn)品之中。

【參考】

基于異常的檢測技術(shù)

當前文章：CognitiveSecurity的異常檢測技術(shù)
本文鏈接：http://aaarwkj.com/article32/ihhdsc.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián)，為您提供Google、App開發(fā)、網(wǎng)站收錄、搜索引擎優(yōu)化、虛擬主機、全網(wǎng)營銷推廣

廣告

聲明：本網(wǎng)站發(fā)布的內(nèi)容（圖片、視頻和文字）以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主，如果涉及侵權(quán)請盡快告知，我們將會在第一時間刪除。文章觀點不代表本網(wǎng)站立場，如需處理請聯(lián)系客服。電話：028-86922220；郵箱：631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載，或轉(zhuǎn)載時需注明來源： 創(chuàng)新互聯(lián)