Network intrusion situation intention evaluation method based on alarm integration

A network intrusion situation assessment technique, applied in the field of network security, that achieves simple and convenient operation and low computational complexity

Active Publication Date: 2018-11-06
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU +1

AI Technical Summary

Problems solved by technology

Intrusion intention evaluation based on causal correlation faces two difficult problems: the detection of false positives and the setting of correlation strength, both of which affect the accuracy of assessment.


Embodiment Construction

[0025] In order to make the purpose, technical solution and advantages of the present invention more clear and understandable, the present invention will be further described in detail below in conjunction with the accompanying drawings and technical solutions. The technical term involved in the embodiment is as follows:

[0026] Existing intrusion intent assessment based on alarm fusion falls into three categories. Methods based on machine learning are computationally expensive, have low accuracy, and have poor real-time performance. Methods based on known attack scenarios have limited applicability and cannot detect unknown attack scenarios. Methods based on causal correlation lack false positive and false negative detection and a way to set correlation strength, so their accuracy is also affected. In view of this, an embodiment of the present invention provides a network intrusion situation intention assessment method based on alarm fusion, as shown in Figure 1, including:

...


Abstract

The invention belongs to the technical field of network security, and in particular relates to a network intrusion situation intention evaluation method based on alarm integration. The method comprises the following steps: collecting network environment information and generating a Bayesian attack graph model, wherein the network environment information comprises at least network connectivity, network service vulnerabilities, host network configuration and access policy information, and the Bayesian attack graph model comprises attack state nodes, atomic attack nodes and alarm evidence nodes; setting alarm confidence and association strength through the Bayesian attack graph model and extracting effective alarm evidence; computing the alarm confidence of the effective alarm evidence for each attack state node; and evaluating the probability that the effective nodes have been intruded, and outputting the threat ordering of all situation intention nodes. The disclosed method has low computational complexity, does not depend excessively on historical data, is simple and convenient to operate, and improves the accuracy of node attack probability prediction, thereby providing a reliable and effective data reference and reliable guidance for network security defense decisions.
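
The steps listed in the abstract can be sketched on a toy attack graph. This is an added example, not the patent's own algorithm or formulas: the node names, probabilities, the 0.3 confidence cut-off, the 0.1 no-alarm default and the noisy-OR combination rule are all assumptions, and the alarms are constructed sample data.

```python
# Added illustration: NOT the patent's formulas. Node names, numbers, the
# confidence cut-off and the noisy-OR combination rule are all assumptions.
from math import prod

# Atomic attack nodes: (precondition states, resulting state, association strength)
ATTACKS = {
    "exploit_web": (["internet"], "web_user", 0.8),
    "local_privesc": (["web_user"], "web_root", 0.5),
    "sql_pivot": (["web_user"], "db_user", 0.6),
    "db_privesc": (["db_user"], "db_root", 0.4),
}
ORDER = ["exploit_web", "local_privesc", "sql_pivot", "db_privesc"]  # topological

# Constructed alarm evidence: (atomic attack it points at, alarm confidence)
ALARMS = [
    ("exploit_web", 0.9), ("exploit_web", 0.5),
    ("sql_pivot", 0.7),
    ("local_privesc", 0.2),  # low confidence: treated as a likely false positive
]
MIN_CONF = 0.3   # assumed cut-off for "effective" alarm evidence
NO_ALARM = 0.1   # assumed residual belief when no alarm fired (missed detection)


def noisy_or(ps):
    """Probability that at least one of several independent causes holds."""
    return 1 - prod(1 - p for p in ps)


def effective_alarms(alarms, min_conf=MIN_CONF):
    """Keep alarms that map to a known atomic attack and clear the cut-off."""
    return [(a, c) for a, c in alarms if a in ATTACKS and c >= min_conf]


def assess(alarms):
    """Return attack state nodes ranked by estimated compromise probability."""
    evidence = {}
    for attack, conf in effective_alarms(alarms):
        evidence.setdefault(attack, []).append(conf)
    state = {"internet": 1.0}  # attacker's starting position
    incoming = {}
    for name in ORDER:
        pre, post, strength = ATTACKS[name]
        seen = noisy_or(evidence[name]) if name in evidence else NO_ALARM
        p = prod(state.get(s, 0.0) for s in pre) * strength * seen
        incoming.setdefault(post, []).append(p)
        state[post] = noisy_or(incoming[post])
    ranked = sorted((s for s in state if s != "internet"), key=state.get, reverse=True)
    return [(s, round(state[s], 4)) for s in ranked]
```

Calling `assess(ALARMS)` ranks `web_user` first and `db_root` last; the discarded 0.2-confidence alarm leaves `web_root` at the no-alarm default instead of raising its rank.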

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a method for evaluating network intrusion situation intentions based on alarm fusion.

Background art

[0002] In today's era of globalization, network technology is like the nervous system of the entire society, profoundly affecting the development of international politics, economy, culture, society, the military and other fields. As network structures become more complex and larger in scale, intrusion processes are also becoming larger in scale, more concealed and better camouflaged. Intrusion intention assessment technology fuses and correlates alarm data, combines the super-alarms produced by alarm aggregation and alarm confirmation with actual background knowledge of the network, digs out the real network threats and security events within them, and reveals the logical association behind the surface of each security event, calcu...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
CPC: H04L41/0631, H04L41/145, H04L63/0227, H04L63/1416, H04L63/1433
Inventor: 胡浩, 刘玉岭, 张玉臣, 张红旗, 刘小虎, 汪永伟, 孙怡峰, 黄金垒
Owner PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU