Attack intention recognition method based on Bayesian network inference

A Bayesian network and identification method technology, applied in the field of attack intent identification based on Bayesian network reasoning, can solve problems such as difficult to understand and analyze, large amount of alarm information, and inability to predict attacker attacks.
CN102724199AInactive Publication Date: 2012-10-10BEIHANG UNIV
2 Cites 32 Cited by

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
BEIHANG UNIV
Publication Date
2012-10-10
Estimated Expiration
Not applicable · inactive patent

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

The invention provides an attack intention recognition method based on Bayesian network inference. The attack intention recognition method is applied to the attack intention recognition of an intelligence and decision-making oriented system with a parameter learning mechanism in computer network self-organizing operation (CNSOO). The method can enable an intelligence system to recognize the attack intention of an attacker by using IDS (Intrusion Detection System) alarm information according to given host vulnerability information, network topological information and attack knowledge base and supply the attack intention to a decision-making system as a decision-making basis in a CNSOO environment. The attack intention recognition process comprises the following steps of: generating attacking scenes, fusing and matching IDS alarm information, updating conditional probability distribution caused by attacking behaviors, calculating the probability of attack intention nodes by using a clique tree propagation algorithm in the Bayesian network inference, and updating Bayesian network parameters and IDS detection capability. The calculation parameters are updated according to calculation results and historical information, so that the calculation results can be more accurate.
Need to check novelty before this filing date? Find Prior Art

Description

Technical field

[0001] The present invention relates to the technical field of computer network security, in particular to an attack intention identification method based on Bayesian network reasoning, which can be used in Computer Network Self-Organizing Operations (CNSOO). Background technique

[0002] Currently, network attacks are developing in the direction of complexity, diversity, and distribution. The vast majority of real attacks are not isolated actions, but compound attacks composed of many scattered actions (a series of attack actions). In a general intrusion detection system, only individual attack behaviors are reported to the police. The amount of alarm information is large and difficult to understand and analyze, and it cannot predict the next possible attack of the attacker. Attack intent is the purpose of attack that the attacker tries to achieve through a series of attack behaviors, and attack intent identification is the process of identifying the attack inten...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More