基于贝叶斯攻击图的网络入侵意图识别方法

doi:10.3778/j.issn.1002-8331.1809-0081

计算机工程与应用 ›› 2019, Vol. 55 ›› Issue (22): 73-79.DOI: 10.3778/j.issn.1002-8331.1809-0081

基于贝叶斯攻击图的网络入侵意图识别方法

王洋，吴建英，黄金垒，胡浩，刘玉岭

1.信息工程大学三院，郑州 450001
2.北京市公安局网络安全保卫总队，北京 100010
3.中国科学院软件研究所可信计算与信息保障实验室，北京 100190
4.中国科学院大学网络空间安全学院，北京 101408

出版日期:2019-11-15 发布日期:2019-11-13

Network Intrusion Intention Recognition Method Based on Bayesian Attack Graph

WANG Yang, WU Jianying, HUANG Jinlei, HU Hao, LIU Yuling

1.The Third Institute, Information Engineering University, Zhengzhou 450001, China
2.Cyber Security Guard, Beijing Public Security Bureau, Beijing 100010, China
3.Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
4.School of Cyber Security, University of Chinese Academy of Sciences, Beijing 101408, China

Online:2019-11-15 Published:2019-11-13

摘要/Abstract

摘要： 现有入侵意图识别方法对报警证据的有效性缺乏考虑，影响了入侵意图识别的准确性。为此提出基于贝叶斯攻击图的入侵意图识别方法。首先建立贝叶斯攻击图模型，然后通过定义报警的置信度及报警间的关联强度，去除低置信水平的孤立报警；根据提取到的有效报警证据进行贝叶斯后验推理，动态更新攻击图中各状态节点遭受攻击的概率，识别网络中已发生和潜在的攻击行为。实验结果表明，该方法能有效提取报警证据，提高网络入侵预测的准确性。

关键词: 意图识别, 贝叶斯攻击图, 漏洞利用, 报警置信度, 报警关联强度

Abstract: The existing intrusion intention recognition methods lack the validity consideration of alert evidence, which affects the recognition accuracy. Therefore, the intrusion intention recognition method based on Bayesian attack graph is proposed. Firstly, the model of Bayesian attack graph is constructed, and then the isolated alerts with low confidence are removed by setting the alert confidence and correlation strength. Secondly, the Bayesian posteriori reasoning is performed based on the extracted effective alert evidence. Furthermore, the probability of each state node being attacked is dynamically updated in the attack graph, which aims to identify the previous and potential attack behaviors in the network. Finally, the experimental results show that the proposed method can effectively extract the alert evidence and improve the prediction accuracy of the network intrusion.

Key words: intention recognition, Bayesian attack graph, vulnerability exploitation, alert confidence level, alert correlation strength

王洋，吴建英，黄金垒，胡浩，刘玉岭. 基于贝叶斯攻击图的网络入侵意图识别方法[J]. 计算机工程与应用, 2019, 55(22): 73-79.

WANG Yang, WU Jianying, HUANG Jinlei, HU Hao, LIU Yuling. Network Intrusion Intention Recognition Method Based on Bayesian Attack Graph[J]. Computer Engineering and Applications, 2019, 55(22): 73-79.

[1]	王丽花，杨文忠，姚苗，王婷，理姗姗. 意图识别与语义槽填充的双向关联模型[J]. 计算机工程与应用, 2021, 57(3): 196-202.
[2]	赵鹏飞，李艳玲，林民. 结合胶囊网络的领域适应意图识别[J]. 计算机工程与应用, 2021, 57(21): 188-194.
[3]	王堃，林民，李艳玲. 端到端对话系统意图语义槽联合识别研究综述[J]. 计算机工程与应用, 2020, 56(14): 14-25.
[4]	华冰涛，袁志祥，肖维民，郑啸. 基于BLSTM-CNN-CRF模型的槽填充与意图识别[J]. 计算机工程与应用, 2019, 55(9): 139-143.
[5]	刘娇，李艳玲，林民. 人机对话系统中意图识别方法综述[J]. 计算机工程与应用, 2019, 55(12): 1-7.
[6]	侯丽仙，李艳玲，李成城. 面向任务口语理解研究现状综述[J]. 计算机工程与应用, 2019, 55(11): 7-15.
[7]	杨志明1，2，3，王来奇3，王泳2. 深度学习算法在问句意图分类中的应用研究[J]. 计算机工程与应用, 2019, 55(10): 154-160.

基于贝叶斯攻击图的网络入侵意图识别方法

Network Intrusion Intention Recognition Method Based on Bayesian Attack Graph

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 7

编辑推荐

Metrics