A Detection and Forecast Algorithm for Multi-Step Attack Based on Intrusion Intention
    Abstract:

    Multi-step attacks are one of the primary forms of current intrusions, and detecting them is an important aspect of IDS research. Correlation research in intrusion detection focuses mainly on the following aspects: (1) reducing false positives and false negatives; (2) detecting unknown attacks; (3) attack forecasting. Progress on the third point in particular may move intrusion detection from passive detection to active protection. Based on a study of the patterns of multi-step attacks, this paper designs a detection and forecast algorithm for multi-step attacks based on intrusion intention. The algorithm uses an extended directed graph to represent attack types and their relations, and performs correlation by backwards matching and absent matching. The probability of the next attack is computed from the weighted summation of the correlated attack chain and the weights of the branches in the attack logic graph. The algorithm detects multi-step attacks, forecasts attacks, detects unknown attacks, and reduces false alarms. The paper also presents the experimental process and an analysis of the results to validate the algorithm.

Get Citation

鲍旭华, 戴英侠, 冯萍慧, 朱鹏飞, 魏军. A Detection and Forecast Algorithm for Multi-Step Attack Based on Intrusion Intention. Journal of Software, 2005, 16(12):2132-2138

History
  • Received: June 11, 2004
  • Revised: June 02, 2005