Network Attack Prediction Model Construction Method Based on Uncertainty-Aware Attack Graph

Abstract

The invention discloses a network attack prediction model construction method based on an uncertain perception attack graph, which comprises the following steps: 1, adding an uncertain probability that vulnerabilities are attacked on the attack graph to obtain an uncertain perception attack graph; 2, associating the alarm information generated by the intrusion detection system when the service inthe network system is attacked, generating an alarm association graph, and generating an intrusion response graph by using a response decision corresponding to the alarm information; 3, according to the source host address of the alarm, the destination host address of the alarm, the source port number of the alarm, the destination port number of the alarm, the protocol used for alarm transmissionand the vulnerability number corresponding to the generated alarm, improving the uncertainty probability; 4, improving the uncertainty probability through the incidence relation between the response decisions in the intrusion response graph and the response cost; 5, obtaining the probability that the service is attacked according to the uncertainty probability so as to obtain a prediction attack model; the network attack prediction method can realize accurate and comprehensive prediction of the network attack.

Description

Technical field [0001] The invention belongs to the technical field of network security, and specifically relates to a method for constructing a network attack prediction model based on an uncertainty perception attack graph. Background technique [0002] In real life, the form of cyber attacks is ever-changing. After an attack occurs and causes serious consequences, the cost of taking measures is high and can cause unpredictable losses. Therefore, the research of attack prediction has emerged. In the invention, the uncertainty analysis of attacks is defined as attack prediction. Most researches use attack graphs to predict attacks. However, the attack graph mainly records some static information such as network vulnerability information and the relationship between vulnerabilities. Information, relatively little consideration of dynamic factors in the network. One is that factors such as the intrusion detection system detecting intrusion alarms, service dependencies in the netw...

AI Technical Summary

Problems solved by technology

In the invention, the uncertainty analysis of the attack is defined as the attack prediction. Most of the research is to predict the attack through the attack graph, but the attack graph mainly records some static information such as some network vulnerability information and the relationship between vulnerabilities. information, relatively little consideration is given to dynamic factors in the network

One is that the factors that can dynamically reflect the network security status, such as the intrusion alarm detected by the intrusion detection system, the service dependencies in the network, and the network intrusion response information, are not taken into account. The other is that there is no uncertainty in the attack probability, which makes the attack Predictive models cannot predict cyber attacks more accurately

Images