Abstract:
Intrusive intention recognition is the task of reasoning about and determining the ultimate purpose an attacker wants to achieve, based on the attacker’s actions and the protection measures in a specific network. To deal with the dynamic character of offense-defense confrontation in the network security field, this paper proposes an intrusive intention recognition method based on timed automata. First, a hierarchical attack path graph generation method is presented for recognizing intrusive intention, in order to reduce the complexity of understanding and analysis. Then DS evidence theory is applied to fuse the alerts of an intrusion detection system, so as to abstract the attacker’s actions and compute their confidence. The state transition process of a vulnerability under attack actions and system responses is described in detail with timed automata. Next, an algorithm is given that infers intrusive intention in the hierarchical attack path graph from the states and dependency relationships of its nodes. With these algorithms, the probabilities of attack intentions fluctuate as intrusive actions and responses proceed. Based on these results, recommendations can be proposed to improve the network security situation. Finally, several experiments are carried out in a local network, and their results prove the feasibility and validity of the method.