Building method of combined attack correlation and attack scene modelling on the basis of attack mode

An attack scenario construction technology applied in the field of intrusion alarm event correlation. It addresses the incompleteness and unsatisfactory results of existing attack scenario construction, and improves the correlation analysis and prediction performance and the accuracy of an intrusion detection system while keeping the computation simple.

Inactive Publication Date: 2009-12-09
NANJING UNIV
0 Cites, 24 Cited by

AI Technical Summary

Problems solved by technology

As a result, existing attack scenario construction is too simple and incomplete, and its results are unsatisfactory.

Embodiment Construction

[0049] The present invention will be described in detail below in conjunction with the drawings.

[0050] As shown in Figure 1, the intrusion detection system obtains network packet data through a network session event collection device. The data undergo preprocessing such as packet formatting and feature extraction, then intrusion identification, and then subsequent processing such as alarm correlation and intrusion tracking.

[0051] Alarm correlation is the main means of improving the prediction accuracy of a network intrusion detection system. The idea of the present invention is to improve the performance of the whole network intrusion detection system by improving the correlation accuracy of the alarm information. The alarm correlation process is shown in Figure 2, the flow chart of the compound attack correlation and attack scenario construction method based on attack mode modeling of the present invention.

[0052] Step 0 is the initial state of the network in...

Abstract

The invention discloses a compound attack correlation and attack scenario construction method based on attack mode modeling, comprising the following steps. 1) Attack path graph construction stage: 11) the alarm information is preprocessed; 12) an attack path graph is built from the preprocessed alarm information; 13) the risk degree of each attack target is calculated, and if the risk degree exceeds a preset threshold a warning is issued; 14) the stage ends. 2) Attack scenario graph correlation stage: 21) the attack scenario graphs are preprocessed; 22) each graph in the attack path graph set is added to the attack scenario graph set; 23) the compound attack scenario graphs are correlated; 24) the stage ends. The method improves the accuracy of alarm event correlation analysis while keeping the computation simple, so that the correlation analysis and prediction performance of the intrusion detection system are improved.
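As an added worked example (not the patent's own code and not the inventors' implementation), the Python below runs the two stages of the abstract over a constructed set of IDS alarms: preprocessing, per-target attack path graphs built from prerequisite/consequence links between attack modes, a risk degree per target checked against a threshold, and a second stage that merges path graphs into compound attack scenarios. The attack-mode library, the risk-degree formula (severity summed along the longest prerequisite chain), the scenario merge rule (a target of one graph later acting as the source in another) and all host addresses are assumptions made for illustration; the patent text on this page publishes none of them.

```python
from dataclasses import dataclass, field

# Assumed attack-mode library (illustrative; the patent does not publish its own):
# the capabilities a mode requires on the target, the capabilities it yields, and a severity.
ATTACK_MODES = {
    "PortScan":       {"requires": set(),              "yields": {"services_known"}, "severity": 1},
    "BufferOverflow": {"requires": {"services_known"}, "yields": {"root_shell"},     "severity": 4},
    "InstallDaemon":  {"requires": {"root_shell"},     "yields": {"ddos_agent"},     "severity": 3},
    "DDoSLaunch":     {"requires": {"ddos_agent"},     "yields": {"service_down"},   "severity": 5},
}

@dataclass(frozen=True)
class Alarm:
    ts: int     # event time (small integers in the constructed sample)
    mode: str   # attack mode reported by the IDS
    src: str    # attacking host
    dst: str    # attacked host, i.e. the attack target

@dataclass
class PathGraph:
    target: str
    nodes: list = field(default_factory=list)   # alarms in time order
    edges: list = field(default_factory=list)   # (earlier alarm, later alarm) pairs

def preprocess(alarms):
    """Step 11: sort by time, drop alarms of unknown mode and exact repeats."""
    seen, out = set(), []
    for a in sorted(alarms, key=lambda a: a.ts):
        key = (a.mode, a.src, a.dst)
        if a.mode in ATTACK_MODES and key not in seen:
            seen.add(key)
            out.append(a)
    return out

def build_path_graphs(alarms):
    """Step 12: one graph per target; edge a->b when a yields a capability that b requires."""
    graphs = {}
    for b in alarms:  # time order, so every possible predecessor is already in the graph
        g = graphs.setdefault(b.dst, PathGraph(target=b.dst))
        for a in g.nodes:
            if ATTACK_MODES[a.mode]["yields"] & ATTACK_MODES[b.mode]["requires"]:
                g.edges.append((a, b))
        g.nodes.append(b)
    return graphs

def risk_degree(g):
    """Step 13 (assumed formula): severity summed along the longest prerequisite chain."""
    score = {}
    for b in g.nodes:
        preds = [score[a] for a, b2 in g.edges if b2 is b]
        score[b] = ATTACK_MODES[b.mode]["severity"] + (max(preds) if preds else 0)
    return max(score.values(), default=0)

def stage1(raw_alarms, threshold):
    """Stage 1: attack path graphs plus the targets whose risk degree exceeds the threshold."""
    graphs = build_path_graphs(preprocess(raw_alarms))
    risks = {t: risk_degree(g) for t, g in graphs.items()}
    return graphs, {t: r for t, r in risks.items() if r > threshold}

def correlate_scenarios(graphs):
    """Stage 2: each path graph starts as its own scenario (step 22); scenarios are merged
    (step 23) when the target of one graph later appears as the attacking source in another.
    This merge rule is an assumption, not the rule stated in the patent."""
    parent = {t: t for t in graphs}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for t, g in graphs.items():
        for b in g.nodes:
            if b.src in graphs and b.src != t:
                if min(n.ts for n in graphs[b.src].nodes) < b.ts:  # victim before attacker
                    parent[find(b.src)] = find(t)
    groups = {}
    for t in graphs:
        groups.setdefault(find(t), set()).add(t)
    return sorted(sorted(s) for s in groups.values())

# Constructed sample: scan/overflow/daemon chain on 192.168.1.5, after which that host
# launches a DDoS at 192.168.1.20; a duplicate, an unknown mode and an unrelated scan
# are included to exercise preprocessing.
SAMPLE_ALARMS = [
    Alarm(1, "PortScan", "10.0.0.9", "192.168.1.5"),
    Alarm(2, "PortScan", "10.0.0.9", "192.168.1.5"),
    Alarm(3, "BufferOverflow", "10.0.0.9", "192.168.1.5"),
    Alarm(4, "InstallDaemon", "10.0.0.9", "192.168.1.5"),
    Alarm(5, "UnknownSig", "10.0.0.9", "192.168.1.5"),
    Alarm(6, "DDoSLaunch", "192.168.1.5", "192.168.1.20"),
    Alarm(7, "PortScan", "10.0.0.7", "192.168.1.30"),
]

if __name__ == "__main__":
    graphs, warnings = stage1(SAMPLE_ALARMS, threshold=4)
    print("warnings:", warnings)                      # {'192.168.1.5': 8, '192.168.1.20': 5}
    print("scenarios:", correlate_scenarios(graphs))  # [['192.168.1.20', '192.168.1.5'], ['192.168.1.30']]
```

With a threshold of 4, the scan-only target 192.168.1.30 (risk 1) produces no warning, while 192.168.1.5 (risk 8 along scan, overflow, daemon) and 192.168.1.20 (risk 5 from the DDoS) do. Stage 2 then joins the two warned targets into one compound attack scenario because the DDoS source was itself compromised earlier, which is exactly the cross-alarm link a single-signature IDS cannot see.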

Description

Technical field

[0001] The invention relates to an intrusion alarm event correlation method, in particular to a compound attack correlation and attack scenario construction method based on attack mode modeling.

Background technique

[0002] In the real network world, most attacks that attackers carry out against a target system use not a single tool or method but a combination of several, and an attack often spans a considerable stretch of time and space. These seemingly scattered individual attacks are in fact parts of one attack, and the complete attack process formed by their combination is called a compound attack. Traditional IDSs mostly detect single attacks and cannot find the logical connection between multiple attacks, so they cannot observe the full picture of the intrusion process. Therefore, in order to better protect the security of computer systems, the detection and correlation of compound attacks is an important issue. [0...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/24, H04L29/06, H04L12/26
Inventors: 王崇骏, 刘志杰, 赵志宏, 骆斌
Owner: NANJING UNIV