Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

An Intrusion Response Method Based on Attack Graph and Theory of Mind

A technology of attack graph and Bayesian attack graph, which is applied in the field of network security and can solve problems such as incompatibility with network attacks

Active Publication Date: 2020-12-29
ZHEJIANG UNIV
View PDF8 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, this fixed mapping relationship is not suitable for new types of network attacks
Secondly, in a complex attack-defense game, the attacker usually has a certain learning ability. After several failed attacks, the attacker may find that the current attack behavior has been successfully defended.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • An Intrusion Response Method Based on Attack Graph and Theory of Mind
  • An Intrusion Response Method Based on Attack Graph and Theory of Mind
  • An Intrusion Response Method Based on Attack Graph and Theory of Mind

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0043] specific implementation

[0044] The present invention will be described in detail below according to the accompanying drawings to highlight the purpose and specific effects of the present invention.

[0045] The present invention is an intrusion response method based on attack graph and psychological theory. Firstly, network attack and defense parties are modeled as a zero-sum two-player random game. Attackers aim to invade the entire network by exploiting a series of loopholes in the system, while defenders deploy monitoring devices to obtain the current network status, analyze the behavior of the attacker, and use the first-order ToM to speculate that the attacker will be most effective at the next moment. Attacks that may be taken, so that real-time and effective response measures can be formulated. The present invention mainly comprises the following steps:

[0046] Step 1: The present invention firstly models both network attack and defense as a two-person zero-...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an intrusion response method based on an attack graph and a psychological theory. According to the method, each step of action when an attacker invades a network is simulated through an attack graph; the probability that the attacker takes a certain action at the next moment can be speculated by analyzing the attack psychology of the attacker, and in order to maximize the income value in the network attack and defense game, the defender formulates a corresponding response measure according to the speculated attacker behavior, so that real-time network response is provided. Compared with a traditional IDS alerts mapping response action method, the method has the advantages that the response strategy is adjusted in real time during multi-step complex intrusion detection, real-time response is achieved, and efficient protection is achieved.

Description

technical field [0001] The invention belongs to the technical field of network security, in particular to an intrusion response method based on attack graph and psychological theory. Background technique [0002] With the increasingly complex forms of network attacks, network intrusion detection and defense are facing severe challenges. Today, a complex network attack usually gradually invades the entire network in the form of a multi-step attack, which greatly increases the difficulty for defenders to defend the network. When the network is faced with multi-step intrusion, how to formulate correct defense measures for each step of attack has become an important task for defenders. The intrusion response system (IRS) aims to formulate corresponding countermeasures for network intrusions, take response measures when network intrusions are detected, and shorten the time window for network restoration. [0003] The traditional intrusion response system maps the alarm message ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L12/24
CPCH04L41/142H04L41/147H04L63/1416H04L63/1433H04L63/1441H04L63/20
Inventor 吴春明程秋美周伯阳周海峰
Owner ZHEJIANG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products