Attack stage prediction method based on LSTM and attacker information

A prediction method, an attacker's technology, applied in prediction, neural learning methods, character and pattern recognition, etc., can solve problems such as dependence

Pending Publication Date: 2021-11-02
BEIJING UNIV OF TECH

AI Technical Summary

Problems solved by technology

[0005] 3. Intrusion attempts
Historically, initial approaches relied on attack libra...


Examples


Embodiment Construction

[0035] As shown in Figure 1, the specific implementation is as follows:

[0036] Warning-related data collection: collect the network attack warnings reported by the intrusion detection system of the target asset, obtaining one year of warning data on network attacks against that asset. The input to the LSTM model is an n×32 matrix: its n rows hold the data for the past n network attacks suffered by the target asset, and each row has 32 dimensions. Because the goal is to predict the stage of the next network attack, during training y is the step number of the next warning in the multi-stage attack chain. The dimensions of X in the training set can be divided into three parts.

[0037] The first part consists of the target asset warning data; the second part is the network traffic data at the time of the attack; the third part is the data of the attacker's ...


Abstract

The invention discloses an attack stage prediction method based on LSTM and attacker information, and belongs to the field of attack prediction. The method comprises the following steps: collecting warning information of network attacks over a long period of time through an LSTM system; collecting historical information about attackers from the large amount of warning information; preprocessing the historical data to construct the training set, validation set and test set required for LSTM model training; then training an LSTM model on the training set, using the loss on the validation set to decide whether to stop training early; and using the finally obtained model to make predictions on preprocessed input data, yielding the step of the next attack in a future multi-stage network attack.
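The data shaping described in paragraph [0036] and the validation-based early stopping described in the abstract can be sketched as follows. This is an added example, not code from the patent: the split ratios, the patience value, the eight stage labels and the random feature rows are assumptions, and the 32 dimensions are treated as an opaque vector because the page does not give their layout.

```python
import random

N_FEATURES = 32  # dimensions per warning row, as stated in [0036]
N_STAGES = 8     # assumption: one label per step listed in the Description

def make_windows(alerts, n):
    """alerts: time-ordered (features, stage) tuples for one target asset.
    Returns (X, y) pairs: X is the previous n warnings (n x 32) and y is
    the step number of the warning that follows them."""
    samples = []
    for i in range(n, len(alerts)):
        window = [features for features, _ in alerts[i - n:i]]
        if any(len(row) != N_FEATURES for row in window):
            raise ValueError("each warning row must have 32 dimensions")
        samples.append((window, alerts[i][1]))
    return samples

def chronological_split(samples, train=0.7, val=0.15):
    """Assumed 70/15/15 split, kept in time order so the validation and
    test windows come from later warnings than the training windows."""
    a = int(len(samples) * train)
    b = int(len(samples) * (train + val))
    return samples[:a], samples[a:b], samples[b:]

def early_stop_epoch(val_losses, patience=3):
    """Epoch at which training halts: validation loss has failed to improve
    for `patience` epochs in a row (patience is an assumed setting)."""
    best, waited = float("inf"), 0
    for epoch, loss in enumerate(val_losses):
        if loss < best:
            best, waited = loss, 0
        else:
            waited += 1
            if waited >= patience:
                return epoch
    return len(val_losses) - 1  # never triggered: ran every epoch

def constructed_alerts(count, seed=0):
    """Constructed sample data: random 32-dim rows with cycling stage labels."""
    rng = random.Random(seed)
    return [([rng.random() for _ in range(N_FEATURES)], 1 + i % N_STAGES)
            for i in range(count)]

if __name__ == "__main__":
    samples = make_windows(constructed_alerts(20), n=5)
    train, val, test = chronological_split(samples)
    print(len(train), len(val), len(test), "first label:", samples[0][1])
    print("stop at epoch", early_stop_epoch([0.9, 0.7, 0.6, 0.61, 0.62, 0.63, 0.5]))
```

Each `X` returned by `make_windows` is the n×32 input for one LSTM sequence; the validation losses passed to `early_stop_epoch` would come from evaluating the model after each training epoch.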

Description

Technical field

[0001] The invention relates to an attack prediction method based on LSTM model and attacker's historical information, belonging to the field of attack prediction.

Background technique

[0002] To predict subsequent attacks, it is often necessary to record the attacker's behavior and build a description of the attack for later use. Bou-Harb et al. dissect a cyber attack into the following steps:

[0003] 1. Network scan
[0004] 2. Enumeration
[0005] 3. Intrusion attempts
[0006] 4. Elevate privileges
[0007] 5. Perform malicious tasks
[0008] 6. Deploying malware / backdoors
[0009] 7. Perform malicious tasks
[0010] 8. Delete evidence and exit

[0011] Many types of cyberattacks follow this simple sequence of events, which can be observed in network traffic or on targeted systems. Prediction of ongoing attacks is inherently very simple. If we see a series of events that fit the attack model, we can assume that the attack will continue accordi...


Application Information

IPC(8): G06Q10/04, G06N3/04, G06N3/08, G06K9/62, G06F21/57
CPC: G06Q10/04, G06N3/084, G06F21/577, G06N3/045, G06N3/044, G06F18/214
Inventor: 李童, 李战士, 杨震
Owner: BEIJING UNIV OF TECH