Method for constructing network intrusion scene based on hidden Markov model

A hidden Markov model and network intrusion technology, applied to digital transmission systems, electrical components, transmission systems, etc. It can solve problems such as unrecognizable attack intentions and complicated processing.

Inactive Publication Date: 2009-07-29
范九伦
0 Cites, 21 Cited by

AI Technical Summary

Problems solved by technology

[0018] The purpose of the present invention is to avoid the problems of the prior art, namely that the attack intention cannot be identified, that there is excessive reliance on the knowledge base, and that the processing is complicated, and to provide a method that reconstructs the intrusion scene through correlation analysis of intrusion alarms based on the hidden Markov model.


Examples


Embodiment Construction

[0101] The present invention mainly includes three steps: preprocessing of intrusion alarm data, correlation analysis of alarm data, and construction of the intrusion scene, as shown in Figure 2. The details are as follows:

[0102] 1. Alarm preprocessing

[0103] The present invention adopts the method of alarm aggregation to preprocess the original alarm.

[0104] To realize alarm aggregation, key attributes must be extracted from the alarm information generated by the IDS to form the original alarms. By calculating the degree of difference between original alarms, similar alarms are aggregated into super alarms. Because the attribute values of the original alarms differ widely and have different data types, they play different roles in determining the difference between alarms, so a different difference-degree calculation should be adopted for each attribute. After obtaining the degree...
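A sketch of per-attribute difference-degree aggregation as described in [0104], added here as an example and not taken from the patent. The attribute set, the per-attribute formulas, the weights, the threshold and the sample alerts are all assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Alert:
    ts: float    # seconds since start of capture
    sig: str     # IDS signature name (constructed)
    src: str
    dst: str
    dport: int

# Assumed weights, merge threshold and time window; the page does not give them.
WEIGHTS = {"sig": 0.4, "src": 0.2, "dst": 0.2, "dport": 0.1, "ts": 0.1}
THRESHOLD = 0.15
WINDOW = 60.0

def ip_diff(a, b):
    """IPv4 difference in [0, 1]: position of the highest differing bit / 32."""
    x = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return x.bit_length() / 32

def difference(a, b):
    """Weighted sum of per-attribute difference degrees, each computed by type."""
    d = {
        "sig": 0.0 if a.sig == b.sig else 1.0,          # categorical
        "src": ip_diff(a.src, b.src),                   # prefix distance
        "dst": ip_diff(a.dst, b.dst),
        "dport": 0.0 if a.dport == b.dport else 1.0,    # categorical
        "ts": min(abs(a.ts - b.ts) / WINDOW, 1.0),      # clipped time gap
    }
    return sum(WEIGHTS[k] * d[k] for k in WEIGHTS)

def aggregate(alerts):
    """Greedily merge each alert into the first super alert it is close to."""
    supers = []
    for a in sorted(alerts, key=lambda x: x.ts):
        for s in supers:
            if difference(s["last"], a) <= THRESHOLD:
                s["last"], s["count"] = a, s["count"] + 1
                break
        else:
            supers.append({"first": a, "last": a, "count": 1})
    return supers

# Constructed sample: repeated scan alerts, a brute-force burst, an unrelated scan.
SAMPLE = [
    Alert(0, "PORT_SCAN", "10.0.0.5", "192.168.1.10", 22),
    Alert(2, "PORT_SCAN", "10.0.0.5", "192.168.1.10", 22),
    Alert(5, "PORT_SCAN", "10.0.0.6", "192.168.1.10", 22),
    Alert(30, "SSH_BRUTE", "10.0.0.5", "192.168.1.10", 22),
    Alert(31, "SSH_BRUTE", "10.0.0.5", "192.168.1.10", 22),
    Alert(33, "PORT_SCAN", "172.16.9.9", "192.168.1.10", 22),
]
```

On the sample, six original alerts compress to three super alerts; the scan from the neighbouring source address merges because its prefix distance is small, while the scan from an unrelated network does not.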


Abstract

The invention relates to a method for constructing a network intrusion scene based on a hidden Markov model, which mainly comprises the following steps: preprocessing of intrusion alert data, association analysis of alert data, and construction of the intrusion scene. The preprocessing of alert data aims at aggregating redundant alerts, compressing the alert data set, eliminating the influence of large numbers of repeated alerts, and preparing for the association analysis of alert data. The invention models network attack behaviors by means of an attack body and the hidden Markov model, and ensures that the description of the types of network attacks and of the attack process is reasonable and complete. At the same time, the problem of association analysis of alert data is transformed into a decoding problem of the hidden Markov model, which is solved with an improved Viterbi algorithm, so the accuracy of the analysis result is high. Backtracking is carried out on the result of the association analysis according to certain constraint conditions, so as to construct an intrusion scene that accords with the actual network attack process.
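The decoding formulation in the abstract, shown with the textbook Viterbi algorithm as an added example; it is not the patent's improved variant or its constrained backtracking, which this page does not describe. The hidden states (attack stages), the observation symbols (super-alert types) and every probability are assumptions constructed for illustration.

```python
import math

# Assumed hidden states: stages of an attack. Observations: super-alert types.
STATES = ["recon", "intrusion", "escalation"]
START = {"recon": 0.8, "intrusion": 0.15, "escalation": 0.05}
TRANS = {
    "recon":      {"recon": 0.6,  "intrusion": 0.35, "escalation": 0.05},
    "intrusion":  {"recon": 0.1,  "intrusion": 0.5,  "escalation": 0.4},
    "escalation": {"recon": 0.05, "intrusion": 0.15, "escalation": 0.8},
}
EMIT = {
    "recon":      {"PORT_SCAN": 0.7,  "SSH_BRUTE": 0.2,  "SUID_EXEC": 0.1},
    "intrusion":  {"PORT_SCAN": 0.1,  "SSH_BRUTE": 0.7,  "SUID_EXEC": 0.2},
    "escalation": {"PORT_SCAN": 0.05, "SSH_BRUTE": 0.15, "SUID_EXEC": 0.8},
}

def viterbi(obs):
    """Return (most likely stage sequence, its joint probability) for obs."""
    if not obs:
        return [], 1.0
    lg = math.log  # log space avoids underflow on long alert sequences
    score = {s: lg(START[s]) + lg(EMIT[s][obs[0]]) for s in STATES}
    back = []      # back[t][s] = best predecessor of state s at step t+1
    for o in obs[1:]:
        prev, score, ptr = score, {}, {}
        for s in STATES:
            best = max(STATES, key=lambda p: prev[p] + lg(TRANS[p][s]))
            score[s] = prev[best] + lg(TRANS[best][s]) + lg(EMIT[s][o])
            ptr[s] = best
        back.append(ptr)
    # Backtrack from the best final state through the stored pointers.
    last = max(STATES, key=score.get)
    path = [last]
    for ptr in reversed(back):
        path.append(ptr[path[-1]])
    path.reverse()
    return path, math.exp(score[last])

# Constructed sequence of super alerts, ordered by time.
SAMPLE_OBS = ["PORT_SCAN", "PORT_SCAN", "SSH_BRUTE", "SUID_EXEC"]

if __name__ == "__main__":
    print(viterbi(SAMPLE_OBS))
```

The decoded stage sequence labels each super alert with the attack step that most plausibly produced it, which is the input a scene-construction step would chain into one scenario.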

Description

Technical field

[0001] The invention relates to a network attack scene construction method based on a hidden Markov model, including three complete stages: preprocessing of alarm data, correlation analysis of alarm data, and construction of an intrusion scene.

Background technique

[0002] Building intrusion scenarios through correlation analysis of intrusion alarms is a new direction in the development of intrusion detection technology, and it has received attention in the field since around 2000. At present, a large number of analysis methods have been proposed, which can be mainly divided into alarm clustering methods and correlation analysis methods. Among them, correlation analysis methods can be divided into alarm correlation methods based on an attack planning library and alarm correlation methods based on attack behavior modeling.

[0003] Alarm clustering (clustering) method belongs to the most primary association analysis, cluster...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/00, H04L29/06
CPC: H04L63/1408
Inventor: 范九伦, 王琢
Owner: 范九伦