Attack intention recognition method based on Bayesian network inference

A Bayesian-network-based identification technique, applied to attack intent identification through Bayesian network reasoning. It addresses the problems that alarm information is too voluminous to understand and analyze and that the attacker's next attack cannot be predicted.

Inactive Publication Date: 2012-10-10
BEIHANG UNIV

AI Technical Summary

Problems solved by technology

In a general intrusion detection system, alarms are raised only for individual attack behaviors; the volume of alarm information is too large to understand and analyze, and the attacker's next possible attack cannot be predicted.

Examples

Embodiment Construction

[0040] The present invention will be described in detail below in conjunction with the drawings and specific embodiments.

[0041] The present invention is an attack intention identification method based on Bayesian network reasoning, which can be used in computer network self-organizing confrontation. According to the given topology information, the vulnerability information of the hosts in the topology, the constraint relationships between attack behaviors, and so on, it uses a breadth-first forward search to automatically generate the attack graph that serves as the attack scenario, and then matches the generated attack scenario against the IDS alarm information. The probability of the attacker's attack intention is calculated by Bayesian network inference, and the calculation parameters can be updated based on the calculation results and historical information. The entity division and activity division in the attack intention recognition of the present invention are respectively sh...

Abstract

The invention provides an attack intention recognition method based on Bayesian network inference. The attack intention recognition method is applied to the attack intention recognition of an intelligence and decision-making oriented system with a parameter learning mechanism in computer network self-organizing operation (CNSOO). The method can enable an intelligence system to recognize the attack intention of an attacker by using IDS (Intrusion Detection System) alarm information according to given host vulnerability information, network topological information and attack knowledge base and supply the attack intention to a decision-making system as a decision-making basis in a CNSOO environment. The attack intention recognition process comprises the following steps of: generating attacking scenes, fusing and matching IDS alarm information, updating conditional probability distribution caused by attacking behaviors, calculating the probability of attack intention nodes by using a clique tree propagation algorithm in the Bayesian network inference, and updating Bayesian network parameters and IDS detection capability. The calculation parameters are updated according to calculation results and historical information, so that the calculation results can be more accurate.
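The inference step described in the abstract, as an added example that is not code from the patent: a small attack scenario is modeled as a Bayesian network, IDS alarms enter as noisy evidence weighted by each sensor's detection capability, and the posterior of the intention node (or of the next attack step) is computed. It uses exact enumeration rather than the clique tree propagation named in the abstract (both give the same posterior on a network this small); all node names and probabilities are constructed assumptions.

```python
from itertools import product

# Constructed attack scenario (assumption, not from the patent): binary nodes,
# each attack step enables the next, the last step realises the intention.
NODES = ["scan", "exploit_web", "exploit_db", "intent_steal_data"]
PARENTS = {"scan": [], "exploit_web": ["scan"],
           "exploit_db": ["exploit_web"], "intent_steal_data": ["exploit_db"]}
# CPT[node][parent values] = P(node is True | parents)
CPT = {
    "scan": {(): 0.3},
    "exploit_web": {(True,): 0.6, (False,): 0.05},
    "exploit_db": {(True,): 0.5, (False,): 0.01},
    "intent_steal_data": {(True,): 0.8, (False,): 0.02},
}
# IDS detection capability per action:
# (P(alarm | action happened), P(alarm | action did not happen))
IDS = {"scan": (0.9, 0.1), "exploit_web": (0.7, 0.05), "exploit_db": (0.6, 0.02)}

def joint(assign, alarms):
    """Probability of one full assignment together with the observed alarms."""
    p = 1.0
    for node in NODES:
        p_true = CPT[node][tuple(assign[q] for q in PARENTS[node])]
        p *= p_true if assign[node] else 1.0 - p_true
    for action, fired in alarms.items():
        detect, false_alarm = IDS[action]
        p_alarm = detect if assign[action] else false_alarm
        p *= p_alarm if fired else 1.0 - p_alarm
    return p

def posterior(target, alarms):
    """P(target is True | alarms), summing the joint over all assignments."""
    num = den = 0.0
    for values in product([True, False], repeat=len(NODES)):
        assign = dict(zip(NODES, values))
        p = joint(assign, alarms)
        den += p
        if assign[target]:
            num += p
    return num / den

if __name__ == "__main__":
    seen = {"scan": True, "exploit_web": True}  # constructed matched alarms
    print("prior intent      :", round(posterior("intent_steal_data", {}), 4))
    print("intent | alarms   :", round(posterior("intent_steal_data", seen), 4))
    print("next step | alarms:", round(posterior("exploit_db", seen), 4))
```

Querying `exploit_db` instead of the intention node gives the probability of the attacker's next step, which is the prediction the single-alarm IDS view lacks.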

Description

Technical field

[0001] The present invention relates to the technical field of computer network security, in particular to an attack intention identification method based on Bayesian network reasoning, which can be used in Computer Network Self-Organizing Operations (CNSOO).

Background technique

[0002] Currently, network attacks are developing in the direction of complexity, diversity, and distribution. The vast majority of real attacks are not isolated actions, but compound attacks composed of many scattered actions (a series of attack actions). In a general intrusion detection system, alarms are raised only for individual attack behaviors. The amount of alarm information is large and difficult to understand and analyze, and the system cannot predict the attacker's next possible attack. Attack intent is the purpose that the attacker tries to achieve through a series of attack behaviors, and attack intent identification is the process of identifying the attack inten...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
Inventor: 夏春和原志超姚珊冯杰
Owner: BEIHANG UNIV