WLAN multi-step attack intention pre-recognition method

Abstract

The invention discloses a WLAN multi-step attack intention pre-recognition method. The method includes three steps: constructing a hierarchical attack tree, generating the shortest prediction sequences and recognizing an attack intention in advance. The first step (1) of constructing a hierarchical attack tree includes constructing a hierarchical attack tree including characteristic nodes, storing wireless multi-step attack modes, describing a hierarchical relation among multi-step attack steps, and increasing the efficiency of attack intention pre-recognition. The second step (2) of generating the shortest prediction sequences includes generating the shortest prediction sequences for all the wireless multi-step attack modes by means of the constructed hierarchical attack tree, and defining the prior degree to evaluate the degree of pre-recognition. The third step (3) of recognizing an attack intention in advance includes designing a multi-step attack pre-recognition algorithm based on the shortest prediction sequences, and finally achieving on-line wireless multi-step attack intention pre-recognition. The beneficial effects of the method are that the wireless multi-step attack intention pre-recognition can be effectively achieved through generation of shortest prediction sequences of wireless multi-step attacks.

Description

technical field [0001] The invention relates to a pre-identification method, more specifically, it relates to a WLAN multi-step attack intention pre-identification method. Background technique [0002] As an important network security technology, intrusion detection and defense has been widely concerned by scholars. Various intelligent technologies such as data mining, neural network, expert system, artificial immune technology, etc. have been gradually applied to intrusion detection and defense systems. In recent years, as an important research content in the field of artificial intelligence, plan recognition (Plan Recognition) has a great correlation with intrusion detection and defense. The real attack intention of network attackers has been initially applied in intrusion detection and defense, and some research results have been obtained. [0003] In 2001, Geib and Goldman introduced the planning recognition method into the intrusion detection field for the first time, ...

AI Technical Summary

Problems solved by technology

For example, the research on wired network attack planning and identification mainly focuses on the protocol packet information at the network layer and above, focusing on key fields such as IP address, port number, and application layer protocol, while WLAN data packets mainly involve the physical layer and data link Layer protocol, focusing on the content below the network layer such as MAC address, Channel channel and Beacon beacon frame, so it is impossible to directly apply the multi-step attack identification method in the field of wired network intrusion detection to the wireless network environment

Images