Network safety state evaluation and attack prediction method

A technology for network security state assessment, applied in computer security devices, character and pattern recognition, instruments, etc., that addresses the lack of security state assessment during the attack phase.

Active Publication Date: 2020-09-25
INST OF INFORMATION ENG CAS

AI Technical Summary

Problems solved by technology

In [Udaya Sampath K. Perera Miriya Thanthrige, Jagath Samarabandu, and Xianbin Wang. "Intrusion Alert Prediction Using a Hidden Markov Model." arxiv:1610.07276, 2016.], t...


Examples


Embodiment Construction

[0076] The technical solution of the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0077] To verify the method of the present invention and compare it with previous methods, the LLDOS1.0 attack scenario in the DARPA2000 data set is selected for experimentation. This attack scenario has five attack stages:

[0078] (1) The attacker scans the network to determine which hosts are up.

[0079] (2) The attacker uses Sadmind ping to find weak hosts running Sadmind service among the active hosts.

[0080] (3) The host is compromised through the Sadmind buffer overflow vulnerability.

[0081] (4) DDoS Trojans are installed on the controlled host.

[0082] (5) The controlled host is used to launch a DDoS attack.

[0083] The invention uses Snort as the network intrusion detection system to generate intrusion alarms, and the program is written and implemented in Python.

[0084] First, the most representati...


Abstract

The invention discloses a network safety state evaluation and attack prediction method, which comprises the following steps: 1) selecting representative IDS alarms from the alarms generated by an intrusion detection system (IDS) in a set observation period, and taking each selected representative IDS alarm as an attack step; arranging the representative IDS alarms belonging to the same class of attack in time order to obtain the attack step sequence of that class of attack; 2) extracting attack events from the attack step sequence of each class of attack; 3) generating a training sequence to train a hidden Markov model (HMM) using the attack events extracted from the attack step sequence of the m-th attack, and storing each trained HMM together with its corresponding training sequence S; and 4) for an observation sequence, matching the observation sequence against the training sequence S corresponding to each HMM, selecting the best-matching HMM, inputting the observation sequence into that HMM, and evaluating the network safety state corresponding to the observation sequence.
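Step 4 of the abstract, sketched as an added example (not code from the patent or its authors): an observation sequence of alerts is matched against each stored training sequence S, the best-matching HMM is selected, and the forward algorithm yields the current attack stage and the stage expected next. Assumptions: the transition and emission values are hand-set stand-ins for trained parameters, the similarity measure is `difflib.SequenceMatcher`, the alert labels are constructed placeholders rather than real Snort rule names, and the second attack class is hypothetical.

```python
from difflib import SequenceMatcher

def make_hmm(alerts, stay=0.6, hit=0.8):
    """Left-to-right HMM: stage i usually emits alerts[i] (hand-set, not trained)."""
    n = len(alerts)
    trans = [[0.0] * n for _ in range(n)]
    for i in range(n - 1):
        trans[i][i], trans[i][i + 1] = stay, 1.0 - stay
    trans[n - 1][n - 1] = 1.0  # final stage is absorbing
    miss = (1.0 - hit) / (n - 1)
    emit = [{a: hit if j == i else miss for j, a in enumerate(alerts)} for i in range(n)]
    return [1.0] + [0.0] * (n - 1), trans, emit

def step(belief, trans):  # push the stage distribution through one transition
    return [sum(b * row[j] for b, row in zip(belief, trans)) for j in range(len(belief))]

def forward(hmm, obs):
    """Filtered distribution over attack stages after the whole alert sequence."""
    start, trans, emit = hmm
    belief = start
    for k, o in enumerate(obs):
        prior = belief if k == 0 else step(belief, trans)
        belief = [p * e.get(o, 1e-6) for p, e in zip(prior, emit)]  # floor for unseen alerts
        total = sum(belief)
        belief = [b / total for b in belief]
    return belief

# Constructed attack classes. Stage names follow LLDOS1.0 steps (1)-(5); alert labels
# are placeholders, and S is the training sequence stored with each model.
MODELS = {
    "lldos_ddos": dict(
        stages=["scan", "probe", "exploit", "install", "ddos"],
        alerts=["icmp_sweep", "sadmind_ping", "sadmind_overflow", "trojan_install", "ddos_flood"],
        S=["icmp_sweep", "icmp_sweep", "sadmind_ping", "sadmind_overflow", "trojan_install", "ddos_flood"]),
    "hypothetical_bruteforce": dict(
        stages=["guess", "login", "exfil"],
        alerts=["ssh_fail", "ssh_success", "bulk_transfer"],
        S=["ssh_fail", "ssh_fail", "ssh_fail", "ssh_success", "bulk_transfer"]),
}

def assess(obs):
    """Return (attack class, current stage, predicted next stage, confidence)."""
    name = max(MODELS, key=lambda m: SequenceMatcher(None, obs, MODELS[m]["S"]).ratio())
    stages, hmm = MODELS[name]["stages"], make_hmm(MODELS[name]["alerts"])
    belief = forward(hmm, obs)
    cur = max(range(len(belief)), key=belief.__getitem__)
    ahead = step(belief, hmm[1])
    # Next stage to be entered; the final stage can only predict itself.
    nxt = max((j for j in range(len(stages)) if j != cur or j == len(stages) - 1), key=ahead.__getitem__)
    return name, stages[cur], stages[nxt], belief[cur]
```

Calling `assess` on a partial alert window gives the security state at that point in the attack, which is what lets a defender act before the later stages are reached.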

Description

Technical field

[0001] The invention relates to a network security state evaluation and attack prediction method based on a semi-Markov conditional random field, and belongs to the technical field of computer network security.

Background technique

[0002] A multi-step attack is a common form of cyber attack today, which consists of a group of related malicious activities performed by the same attacker to achieve a specific goal. Due to the extreme sophistication of the techniques attackers use to attack computer systems and networks, many techniques, such as intrusion detection systems (IDS), have been developed to detect attacks. As the complexity and size of the network grows, IDS generate a large amount of alarm data. In general, an attack phase includes several associated attack events. The present invention can analyze these massive IDS alarm data, identify and extract information about attack events, and such information can be used for security state assessment and...


Application Information

IPC(8): G06F21/57, G06F21/55, G06K9/62
CPC: G06F21/577, G06F21/554, G06F18/295
Inventor: 詹孟奇, 李杨, 张棪, 杨兴华, 范雨琳
Owner INST OF INFORMATION ENG CAS