Multi-step attack scene mining method based on neural network and Bayesian network attack graph

A Bayesian network and attack scenario technology, applied in the field of multi-step attack scenario mining, that addresses the high computational overhead, high false alarm rate, and high complexity of data mining algorithms, and achieves the effect of improving mining efficiency and eliminating false alarms.

Active Publication Date: 2019-02-12
BEIJING UNIV OF POSTS & TELECOMM
Problems solved by technology

The disadvantages of the causal-logic methods are: 1. They are only suitable for threat behaviors with an obvious causal relationship between steps, and their ability to discover unknown threats is weak; 2. The search space is large, the computational overhead is large, and the system resource requirements are high; 3. It is difficult to control the granularity of rule definitions: too fine a granularity will lead to a higher rate of false positives, and too coarse a granularity will lead to a higher rate of false positives.

The disadvantages of the data-mining methods are: 1. The data mining algorithms have high complexity and high computational overhead; 2. The accuracy of the results obtained by correlation is difficult to judge, and further analysis is required in combination with domain knowledge.

Embodiment Construction

[0035] In order to make the above-mentioned features and advantages of the present invention more comprehensible, the method of the present invention will be further described in detail below in conjunction with specific implementation methods and accompanying drawings.

[0036] As shown in figure 1, the offline mode of the multi-step attack scene mining method based on a neural network and a Bayesian network attack graph of the present invention comprises the following steps:

[0037] Step 101, extracting three attributes from the IDS alarm log, namely the number of related alerts, the alert density, and the alert periodicity.

[0038] Step 102, using the three attributes extracted in the previous step to train a fully connected neural network that outputs the probability that an alarm log entry is correct, in order to eliminate false alarms.

[0039] Step 103, dividing all alarms into L batches, dividing each batch into time windows, traversing all time windows in each batch b_i (1≤i≤L), converting and ...
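The following is an added illustration of Steps 101 and 103, not code from the patent. The page does not define the three attributes precisely, so the definitions used here are assumptions: "number of related alerts" is the count of alerts sharing the same (source, destination, signature) key inside one time window, "alert density" is that count divided by the window length in seconds, and "alert periodicity" is a regularity score of the inter-arrival gaps (1.0 for perfectly periodic, approaching 0 for erratic). Batching is done by count in time order, which is also an assumption. The neural network of Step 102 is not implemented here; the output rows are the feature vectors it would consume.

```python
"""Feature extraction and time-window batching for IDS alerts.

Added example for Steps 101 and 103 of the embodiment above; not the
patent's own code. Attribute definitions and the batching rule are
assumptions (see the lead-in). The alert log below is constructed.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample alert log: (timestamp_seconds, src, dst, signature)
ALERTS = [
    (0, "10.0.0.5", "10.0.0.9", "SCAN"),
    (10, "10.0.0.5", "10.0.0.9", "SCAN"),
    (20, "10.0.0.5", "10.0.0.9", "SCAN"),
    (30, "10.0.0.5", "10.0.0.9", "SCAN"),
    (7, "10.0.0.7", "10.0.0.9", "DNS_ANOMALY"),   # isolated alert, likely noise
    (61, "10.0.0.5", "10.0.0.9", "EXPLOIT"),
    (65, "10.0.0.5", "10.0.0.9", "EXPLOIT"),
    (95, "10.0.0.5", "10.0.0.9", "EXPLOIT"),
    (130, "10.0.0.9", "10.0.0.20", "LATERAL"),
]


def split_into_batches(alerts, n_batches):
    """Step 103 (assumed rule): order alerts by time, split into L batches by count."""
    ordered = sorted(alerts)
    size = -(-len(ordered) // n_batches)  # ceiling division
    return [ordered[i:i + size] for i in range(0, len(ordered), size)]


def time_windows(batch, window_len):
    """Split one batch into fixed-length windows keyed by window start time."""
    windows = defaultdict(list)
    for alert in batch:
        start = (alert[0] // window_len) * window_len
        windows[start].append(alert)
    return dict(sorted(windows.items()))


def periodicity(timestamps):
    """Regularity of inter-arrival gaps (assumed definition).

    Returns 1.0 when all gaps are equal, smaller values as the gaps vary,
    and 0.0 when fewer than three alerts exist (no gaps to compare).
    """
    if len(timestamps) < 3:
        return 0.0
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    mu = mean(gaps)
    if mu == 0:
        return 1.0
    return 1.0 / (1.0 + pstdev(gaps) / mu)


def window_features(window_alerts, window_len):
    """Step 101 attributes per (src, dst, signature) key within one window."""
    groups = defaultdict(list)
    for ts, src, dst, sig in window_alerts:
        groups[(src, dst, sig)].append(ts)
    feats = {}
    for key, stamps in groups.items():
        stamps.sort()
        feats[key] = {
            "related": len(stamps),                       # number of related alerts
            "density": len(stamps) / window_len,          # alerts per second
            "periodicity": round(periodicity(stamps), 3),
        }
    return feats


def extract(alerts, n_batches, window_len):
    """Run batching, windowing and feature extraction; one row per key per window."""
    rows = []
    for i, batch in enumerate(split_into_batches(alerts, n_batches), start=1):
        for start, wa in time_windows(batch, window_len).items():
            for key, f in window_features(wa, window_len).items():
                rows.append({"batch": i, "window_start": start, "key": key, **f})
    return rows


if __name__ == "__main__":
    for row in extract(ALERTS, n_batches=2, window_len=60):
        print(row)
```

With two batches and 60-second windows, the four SCAN alerts land in one window with periodicity 1.0 and a high related-alert count, while the lone DNS_ANOMALY alert scores 1 related alert and periodicity 0.0; those are the kinds of separations a downstream classifier can learn to turn into a false-alarm probability.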


Abstract

The invention provides a novel multi-step attack scene mining method. The method is divided into an offline mode and an online mode. In the offline mode, the user trains a neural network on a known real attack alert log to eliminate false alerts, and generates a Bayesian network attack graph through a series of processing steps such as alert aggregation and causal-association attack sequence generation. In the online mode, the user updates and iterates the neural network and the Bayesian network attack graph generated in the offline mode using a large number of online alert logs, so that the attack graph after iteration is more complete and accurate. Lastly, a plurality of multi-step attack scenes is extracted from the Bayesian network attack graph. Through this technical method, attack patterns can be found in a large amount of redundant alert logs by eliminating false alerts from the logs, and the multi-step attack scenes can be constructed.

Description

Technical field

[0001] The invention relates to the field of scene analysis of network logs, and proposes a multi-step attack scene mining method based on a neural network and a Bayesian network attack graph.

Background technique

[0002] So far, research on alarm correlation is mainly divided into four categories: methods based on causal logic, methods based on scenes, methods based on similarity, and alarm correlation analysis based on data mining.

[0003] The methods based on causal logic assume that there is a causal relationship between consecutive abnormal events from the same threat behavior, and that the latter abnormal event is carried out on the premise that the previous abnormal event is valid. By matching the antecedents and consequences between alarms, the alarm data is causally correlated to reconstruct the network threat behavior. The advantages of this type of method are: 1. It only needs to analyze the cause and effect of a ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
CPC: H04L41/069, H04L63/1425, H04L63/1433
Inventors: 张茹, 刘建毅, 刘博文
Owner: BEIJING UNIV OF POSTS & TELECOMM