Attack Scenario Construction Method Based on Causal Knowledge Net

Wang Shuo; Tang Guangming; Wang Jianhua; Sun Yifeng; Kou Guang

doi:10.7544/issn1000-1239.2018.20160940

Journal of Computer Research and Development > 2018 > 55(12): 2620-2636. > DOI: 10.7544/issn1000-1239.2018.20160940

Wang Shuo, Tang Guangming, Wang Jianhua, Sun Yifeng, Kou Guang. Attack Scenario Construction Method Based on Causal Knowledge Net[J]. Journal of Computer Research and Development, 2018, 55(12): 2620-2636. DOI: 10.7544/issn1000-1239.2018.20160940

Citation:

PDF (3672 KB)

Attack Scenario Construction Method Based on Causal Knowledge Net

(PLA Information Engineering University, Zhengzhou 450001)

More Information

Published Date: November 30, 2018

Graphical Abstract

Abstract

Abstract

In view of the problem that the existing attack scenario construction methods are not accurate due to the lack of consideration of alarm missing and alarm redundancy, a new attack scenario construction method based on causal knowledge net is put forward. The causal knowledge net is composed of causal relationship and causal knowledge. Firstly, the causal relationship of single-step attacks is defined according to the expert knowledge, and then the real alarms are utilized to mine the causal knowledge, which can be used to quantitatively describe the causal relationship. In particular, the significance testing mean is designed to guarantee the consistency and accuracy of the causal relationship as well as causal knowledge among the mining causal knowledge. Additionally, the attack scenario construction method can be divided into two different steps with the help of causal knowledge net: the initiatory attack scenario can be obtained by means of alarm mapping and clustering in the first step, and in the second step, the initiatory attack scenario is reconstructed and the intact attack scenario is achieved by taking advantage of the theory named maximum a posteriori estimation. Experimental results show that the proposed method can improve the accuracy of attack scenario construction by combining the advantages of expert knowledge and data mining.
- attack scenario construction,
- causal knowledge network,
- data mining,
- alarm,
- maximum a posteriori estimation

FullText(HTML)

References (0)

[1]	Yue Wenjing, Qu Wenwen, Lin Kuan, Wang Xiaoling. Survey of Cardinality Estimation Techniques Based on Machine Learning[J]. Journal of Computer Research and Development, 2024, 61(2): 413-427. DOI: 10.7544/issn1000-1239.202220649
[2]	Feng Xuewei, Wang Dongxia, Huang Minhuan, Li Jin. A Mining Approach for Causal Knowledge in Alert Correlating Based on the Markov Property[J]. Journal of Computer Research and Development, 2014, 51(11): 2493-2504. DOI: 10.7544/issn1000-1239.2014.20130854
[3]	Xu Min, Deng Zhaohong, Wang Shitong, Shi Yingzhong. MMCKDE: m-Mixed Clustering Kernel Density Estimation over Data Streams[J]. Journal of Computer Research and Development, 2014, 51(10): 2277-2294. DOI: 10.7544/issn1000-1239.2014.20130718
[4]	Zhang Guanhong, S.Loglo, Odbal. Fusion of Morphological Features for Mongolian Part of Speech Based on Maximum Entropy Model[J]. Journal of Computer Research and Development, 2011, 48(12): 2385-2390.
[5]	Xu Peng, Wang Jinkuan, Qi Feng. A MAP Channel Estimation Algorithm for MIMO-OFDM Systems with Better Performance[J]. Journal of Computer Research and Development, 2011, 48(1): 118-124.
[6]	Xiao Chuangbai, Yu Jing, Xue Yi. A Novel Fast Algorithm for MAP Super-Resolution Image Reconstruction[J]. Journal of Computer Research and Development, 2009, 46(5): 872-880.
[7]	Bai Heng, Gao Yurui, Wang Shijie, and Luo Limin. A Robust Diffusion Tensor Estimation Method for DTI[J]. Journal of Computer Research and Development, 2008, 45(7): 1232-1238.
[8]	Xiao Liang, Wei Zhihui, Wu Huizhong. A Generalized Variational Image Restoration Model Based on MAP and Robust Estimation[J]. Journal of Computer Research and Development, 2007, 44(7): 1105-1113.
[9]	He Xiaoyang and Wang Yasha. Model-Based Methods for Software Cost Estimation[J]. Journal of Computer Research and Development, 2006, 43(5): 777-783.
[10]	Wu Gaowei, Tao Qing, Wang Jue. Support Vector Machines Based on Posteriori Probability[J]. Journal of Computer Research and Development, 2005, 42(2): 196-202.