Multi-step attack prediction method based on cause-and-effect Bayesian network

Bayesian network and Bayesian attack graph technology, applied in electrical components, transmission systems, etc., solves the problem of being unable to adapt to dynamic changes in network attack patterns, and achieves network and computer information security with high reliability.

Active Publication Date: 2017-02-15
THE PLA INFORMATION ENG UNIV

AI Technical Summary

Problems solved by technology

[0004] To overcome the deficiencies in the prior art, the present invention provides a multi-step attack prediction method based on a causal Bayesian network. It automatically mines multi-step attack patterns, infers and predicts the next attack and the final attack, and solves the problem that manually constructed attack patterns and manually set prediction parameters cannot adapt well to dynamic changes in network attack patterns.

Examples


Embodiment 1

[0031] Embodiment 1. As shown in Figure 1, a multi-step attack prediction method based on a causal Bayesian network includes the following steps:

[0032] Step 1. Collect known attack scenario data; part of the data is used as the training data set and the other part as the test data set;

[0033] Step 2. Using the attack steps of the multi-step attack scenarios in the training data set as attack evidence, perform parameter probability inference on the causal Bayesian attack graph, calculate the occurrence probability of unknown attacks in the causal Bayesian attack graph, and predict the next attack behavior of the network multi-step attack and its attack intention;

[0034] Step 3. Based on the causal Bayesian attack graph, calculate the probability of unknown attacks from the attack evidence, and predict the next attack behavior and attack intention of the network multi-step attack.

[0035] The present invention uses frequent patterns...

Embodiment 2

[0036] Embodiment 2. As shown in Figures 1 to 4, a multi-step attack prediction method based on a causal Bayesian network includes the following:

[0037] Step 1. Collect known attack scenario data; part of the data is used as the training data set and the other part as the test data set;

[0038] Step 2. Scan the training data set to find all frequent items in the set of training attack sequences; each frequent item corresponds to an attack step. This yields the frequent item set, which contains n frequent items. From the frequent item set, obtain the set of length-1 sequence patterns prefixed by each frequent item, recorded as a frequent sequence subset. The set of all suffixes contained in all sequence patterns prefixed by a frequent item is called the projection database of that prefix. On the projection databases corresponding to different prefixes, execute repeatedly until no new sequence...
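An added example (not code from the patent): a minimal prefix-projection miner in the style of Step 2 of Embodiment 2, followed by an estimate of which steps are likely to follow observed attack evidence, as in Steps 2 and 3 of Embodiment 1. The training scenarios, step names and the `prefixspan` / `later_step_probs` helpers are constructed for illustration, and the support ratio used here is an assumption standing in for the causal Bayesian attack graph inference, whose details are cut off on this page.

```python
from collections import defaultdict

# Constructed training set: each list is one known multi-step attack scenario.
TRAIN = [
    ["scan", "exploit", "privesc", "exfil"],
    ["scan", "exploit", "privesc", "ddos"],
    ["scan", "bruteforce", "privesc", "exfil"],
    ["phish", "exploit", "privesc", "exfil"],
]

def prefixspan(db, min_support, prefix=()):
    """Return {pattern: support}, mined recursively over projection databases."""
    patterns = {}
    counts = defaultdict(int)
    for seq in db:
        for item in set(seq):          # count each item once per sequence
            counts[item] += 1
    for item, support in counts.items():
        if support < min_support:
            continue                   # infrequent item: prune this branch
        pattern = prefix + (item,)
        patterns[pattern] = support
        # Projection database of `pattern`: the suffix after the first
        # occurrence of `item` in every sequence that contains it.
        projected = [s[s.index(item) + 1:] for s in db if item in s]
        projected = [s for s in projected if s]
        patterns.update(prefixspan(projected, min_support, pattern))
    return patterns

def later_step_probs(patterns, evidence, goals=None):
    """Rank steps that follow `evidence` by support(evidence+step)/support(evidence).

    Patterns are gapped subsequences, so a step counts if it occurs anywhere
    later in the scenario. Pass `goals` to restrict the ranking to final
    attack intentions. (Simplified estimate, not the patent's inference.)
    """
    evidence = tuple(evidence)
    base = patterns.get(evidence)
    if not base:
        return []                      # evidence matches no mined pattern
    ranked = [(p[-1], s / base) for p, s in patterns.items()
              if len(p) == len(evidence) + 1 and p[:-1] == evidence
              and (goals is None or p[-1] in goals)]
    return sorted(ranked, key=lambda x: (-x[1], x[0]))

if __name__ == "__main__":
    mined = prefixspan(TRAIN, min_support=2)
    print(later_step_probs(mined, ["scan", "exploit"]))
    print(later_step_probs(mined, ["scan", "privesc"], goals={"exfil", "ddos"}))
```

Steps seen in fewer than `min_support` scenarios (here `ddos`, `bruteforce`, `phish`) never enter a pattern, so evidence containing them returns an empty ranking rather than a guess.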


Abstract

The invention relates to a multi-step attack prediction method based on a cause-and-effect Bayesian network. First, the multi-step attack patterns in attack scenario samples are mined using frequent patterns, and the multi-step attack patterns are depicted through a cause-and-effect Bayesian network model. On this basis, the probability of future attacks is calculated from attack evidence, so that the next-step attack behaviors of network multi-step attacks and the attack intentions of attackers can be predicted. The invention improves on multi-step attack prediction methods that manually construct a network attack structure graph: the multi-step attack patterns are mined automatically based on frequent sequence patterns; the cause-and-effect Bayesian network model is used to depict the attack patterns, learn the network parameters, and predict next-step attacks and attack intentions. This improves the attack prediction capability for unknown, changing multi-step attack patterns, so that the next-step attack means and final attack intention of multi-step attacks can be predicted rapidly and accurately, and the method has great practical significance for safeguarding network and computer information security.

Description

Technical field

[0001] The invention belongs to the technical field of computer network communication, and in particular relates to a multi-step attack prediction method based on a causal Bayesian network.

Background

[0002] With the rapid development of computer network technology, network security has increasingly become the focus of attention in the network field. Network attacks are becoming more frequent and their means more diverse and complex, resulting in more and more serious threats to network security. At present, multi-step attacks account for a very high proportion of network attacks. A multi-step attack is a complete attack composed of multiple different attack steps. The attack behavior is not obvious in the early stage, but by the time the attack is detected, it has already caused serious damage to the attack target. Quickly and accurately predicting the next attack method and final attack intention of a multi-step attack has important practical significance for prot...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1441
Inventor: 尹美娟, 刘晓楠, 刘琰, 罗军勇, 胡倩, 郑燕, 丁文博, 韩冬
Owner: THE PLA INFORMATION ENG UNIV