Bayesian network-based multi-step attack security situation assessment method

A Bayesian network and security situation assessment technology, applied in the fields of computer security devices, instruments, platform integrity maintenance, etc., which can solve problems such as the lack of multi-step correlation.

Active Publication Date: 2017-01-18
CHONGQING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to provide a multi-step attack security situation assessment method based on a Bayesian network, in order to solve the problem of a lack of correlation in the threat assessment of multi-step attacks.



Embodiment Construction

[0054] The specific implementation manners of the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0055] Figure 1 is a flow chart of the network security situation assessment method provided by the present invention, which includes the following steps:

[0056] In step 101, multi-step attack occurrence patterns are obtained by frequent-item mining and used to construct an attack graph: a set of candidate sequences is generated from security event alarm data using a sliding-window mechanism, and multi-step attack sequences are mined from that candidate set.

[0057] In step 102, a Bayesian network is established from the multi-step attack graph: the system state attributes that the attack is expected to achieve are added on top of the attack graph, and event observation nodes are added to the Bayesian network.

[0058] Step 103, after the attack behavior information has been obtained in the net...
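The candidate generation and mining of step 101 can be sketched as follows. This is an added example, not code from the patent: the alert names, timestamps, the 60-second window and the support threshold are all constructed assumptions, and simple subsequence counting stands in for whatever frequent-item algorithm the invention uses.

```python
from collections import Counter
from itertools import combinations

# Constructed sample alarm data: (timestamp in seconds, alert type). Not from the patent.
ALERTS = [
    (0, "scan"), (20, "bruteforce"), (45, "privesc"),
    (300, "scan"), (310, "ping"), (330, "bruteforce"), (350, "privesc"),
    (900, "ping"), (905, "scan"), (940, "bruteforce"),
    (1500, "scan"), (1520, "bruteforce"), (1555, "privesc"),
]

def candidate_sequences(alerts, window):
    """Slide a time window over the alerts: each alert opens a window and the
    candidate is the ordered list of distinct alert types inside it."""
    alerts = sorted(alerts)
    candidates = []
    for i, (t0, _) in enumerate(alerts):
        seq = []
        for t, kind in alerts[i:]:
            if t - t0 > window:
                break
            if kind not in seq:
                seq.append(kind)
        candidates.append(tuple(seq))
    return candidates

def frequent_sequences(candidates, length, min_support):
    """Count order-preserving subsequences of the given length and keep those
    that appear in at least min_support candidate sequences."""
    counts = Counter()
    for seq in candidates:
        for sub in set(combinations(seq, length)):
            counts[sub] += 1
    return {s: c for s, c in counts.items() if c >= min_support}

def attack_graph_edges(frequent):
    """Turn mined multi-step sequences into directed edges of an attack graph."""
    return {(a, b) for seq in frequent for a, b in zip(seq, seq[1:])}

if __name__ == "__main__":
    cands = candidate_sequences(ALERTS, window=60)
    freq = frequent_sequences(cands, length=3, min_support=3)
    print(freq, attack_graph_edges(freq))
```

The unrelated "ping" alerts appear inside some windows but never reach the support threshold, so they do not become part of the mined attack pattern.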


Abstract

The invention relates to a network security situation assessment method, in particular a Bayesian network-based multi-step attack security situation assessment method. The method includes the following steps: multi-step attack occurrence patterns are mined through association analysis so that an attack graph can be constructed; a Bayesian network is established from the multi-step attack graph, with attack will, attack success probability and event monitoring accuracy defined as the probability attributes of the Bayesian network; based on event monitoring, the multi-step attack risk is calculated from the posterior inference and cumulative probability of the Bayesian network; and the security situations of a host and of the whole network are quantitatively assessed using a hierarchical quantitative assessment method. The method solves the problem of a lack of correlation analysis in the network security situation assessment process. Because monitoring events are taken into the risk assessment and the network security situation assessment model is established accurately, the effectiveness and real-time performance of the method are enhanced.
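The posterior reasoning described in the abstract can be illustrated on a small chain-shaped network. This is an added example, not the patent's model: the three-step chain, every probability value and the names `ATTACK_WILL`, `SUCCESS`, `DETECT` and `FALSE_ALARM` are assumptions chosen for illustration, and inference is done by exhaustive enumeration.

```python
from itertools import product

# Assumed attack graph (constructed): scan -> bruteforce -> privesc.
STEPS = ["scan", "bruteforce", "privesc"]
ATTACK_WILL = 0.3                                  # prior that the first step occurs
SUCCESS = {"bruteforce": 0.6, "privesc": 0.5}      # P(step | previous step occurred)
DETECT = {"scan": 0.9, "bruteforce": 0.8, "privesc": 0.7}         # P(alert | step occurred)
FALSE_ALARM = {"scan": 0.1, "bruteforce": 0.05, "privesc": 0.02}  # P(alert | step absent)

def joint(state, obs):
    """P(state, obs) for one 0/1 assignment of the step nodes.
    A step cannot occur unless its predecessor in the chain occurred."""
    p = ATTACK_WILL if state[0] else 1 - ATTACK_WILL
    for i, step in enumerate(STEPS[1:], start=1):
        p_occ = SUCCESS[step] if state[i - 1] else 0.0
        p *= p_occ if state[i] else 1 - p_occ
    # Observation nodes: each monitored step contributes its alert likelihood.
    for step, occurred in zip(STEPS, state):
        if step in obs:
            p_alert = DETECT[step] if occurred else FALSE_ALARM[step]
            p *= p_alert if obs[step] else 1 - p_alert
    return p

def posterior(obs):
    """P(step occurred | observed alerts) for every step in the chain."""
    states = list(product([0, 1], repeat=len(STEPS)))
    weights = [joint(s, obs) for s in states]
    total = sum(weights)
    return {step: sum(w for s, w in zip(states, weights) if s[i]) / total
            for i, step in enumerate(STEPS)}

if __name__ == "__main__":
    for obs in ({}, {"scan": 1}, {"scan": 1, "bruteforce": 1}):
        print(obs, {k: round(v, 3) for k, v in posterior(obs).items()})
```

With these assumed numbers the probability that the final step has been reached rises from 0.09 with no alerts to about 0.24 after a scan alert and about 0.47 after scan and brute-force alerts, which is the kind of event-driven risk update the abstract describes.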

Description

Technical field

[0001] The invention relates to a network security assessment method, in particular to a Bayesian network-based multi-step attack security situation assessment method.

Background technique

[0002] With the rapid growth of our country's Internet market and the number of users, network security problems are also emerging. While the Internet benefits the general public, it is challenged by information theft, failures, accidents, viruses, etc., and the problems of network security and usability are becoming more and more prominent. Therefore, there is an urgent need for a new security technology that can process large-scale daily network data and form targeted protection strategies to improve network security performance, and research on network security situational awareness has emerged as the times require.

[0003] Network security situational awareness is a proactive security defense mechanism. It will standardize and integrate multi-source heter...


Application Information

IPC(8): H04L29/06, G06F21/57
CPC: G06F21/577, H04L63/20
Inventor 李方伟王森明月
Owner CHONGQING UNIV OF POSTS & TELECOMM