• 中国精品科技期刊
  • CCF推荐A类中文期刊
  • 计算领域高质量科技期刊T1类
Advanced Search
Wang Shuo, Tang Guangming, Wang Jianhua, Sun Yifeng, Kou Guang. Attack Scenario Construction Method Based on Causal Knowledge Net[J]. Journal of Computer Research and Development, 2018, 55(12): 2620-2636. DOI: 10.7544/issn1000-1239.2018.20160940
Citation: Wang Shuo, Tang Guangming, Wang Jianhua, Sun Yifeng, Kou Guang. Attack Scenario Construction Method Based on Causal Knowledge Net[J]. Journal of Computer Research and Development, 2018, 55(12): 2620-2636. DOI: 10.7544/issn1000-1239.2018.20160940
shu

Attack Scenario Construction Method Based on Causal Knowledge Net

  • (PLA Information Engineering University, Zhengzhou 450001)

More Information
  • Published Date: November 30, 2018
    Graphical Abstract
    • Abstract
  • In view of the problem that the existing attack scenario construction methods are not accurate due to the lack of consideration of alarm missing and alarm redundancy, a new attack scenario construction method based on causal knowledge net is put forward. The causal knowledge net is composed of causal relationship and causal knowledge. Firstly, the causal relationship of single-step attacks is defined according to the expert knowledge, and then the real alarms are utilized to mine the causal knowledge, which can be used to quantitatively describe the causal relationship. In particular, the significance testing mean is designed to guarantee the consistency and accuracy of the causal relationship as well as causal knowledge among the mining causal knowledge. Additionally, the attack scenario construction method can be divided into two different steps with the help of causal knowledge net: the initiatory attack scenario can be obtained by means of alarm mapping and clustering in the first step, and in the second step, the initiatory attack scenario is reconstructed and the intact attack scenario is achieved by taking advantage of the theory named maximum a posteriori estimation. Experimental results show that the proposed method can improve the accuracy of attack scenario construction by combining the advantages of expert knowledge and data mining.
    • FullText(HTML)
    • References (0)
    • Related Articles

  • Related Articles

    [1]Yue Wenjing, Qu Wenwen, Lin Kuan, Wang Xiaoling. Survey of Cardinality Estimation Techniques Based on Machine Learning[J]. Journal of Computer Research and Development, 2024, 61(2): 413-427. DOI: 10.7544/issn1000-1239.202220649
    [2]Mei Canhua, Zhang Yuhong, Hu Xuegang, and Li Peipei. A Weighted Algorithm of Inductive Transfer Learning Based on Maximum Entropy Model[J]. Journal of Computer Research and Development, 2011, 48(9): 1722-1728.
    [3]Hu Wenyu, Sun Zhihui, Wu Yingjie. Study of Sampling Methods on Data Mining and Stream Mining[J]. Journal of Computer Research and Development, 2011, 48(1): 45-54.
    [4]Bai Heng, Gao Yurui, Wang Shijie, and Luo Limin. A Robust Diffusion Tensor Estimation Method for DTI[J]. Journal of Computer Research and Development, 2008, 45(7): 1232-1238.
    [5]Xiao Liang, Wei Zhihui, Wu Huizhong. A Generalized Variational Image Restoration Model Based on MAP and Robust Estimation[J]. Journal of Computer Research and Development, 2007, 44(7): 1105-1113.
    [6]Wang Liming and Zhao Hui. Algorithms of Mining Global Maximum Frequent Itemsets Based on FP-Tree[J]. Journal of Computer Research and Development, 2007, 44(3).
    [7]He Xiaoyang and Wang Yasha. Model-Based Methods for Software Cost Estimation[J]. Journal of Computer Research and Development, 2006, 43(5): 777-783.
    [8]Yang Yidong, Sun Zhihui, Zhang Jing. Finding Outliers in Distributed Data Streams Based on Kernel Density Estimation[J]. Journal of Computer Research and Development, 2005, 42(9): 1498-1504.
    [9]Wang Zhiming, Cai Lianhong, Ai Haizhou. Automatic Estimation of Visual Speech Parameters[J]. Journal of Computer Research and Development, 2005, 42(7): 1185-1190.
    [10]Wu Gaowei, Tao Qing, Wang Jue. Support Vector Machines Based on Posteriori Probability[J]. Journal of Computer Research and Development, 2005, 42(2): 196-202.

  • Cited by

    Periodical cited type(10)

    1. 杨秀璋,彭国军,刘思德,田杨,李晨光,傅建明. 面向APT攻击的溯源和推理研究综述. 软件学报. 2025(01): 203-252 .
    2. 申国霞,常鑫. 基于可信密码模块的网络信道潜在攻击挖掘. 信息技术. 2023(10): 152-156+162 .
    3. 谢峥,路广平,付安民. 一种可扩展的实时多步攻击场景重构方法. 信息安全研究. 2023(12): 1173-1179 .
    4. 黄维贵,孙怡峰,欧旺,王玉宾. 基于不确定攻击图的违规外联风险分析. 信息工程大学学报. 2022(05): 570-577 .
    5. 王文娟,杜学绘,单棣斌. 基于动态概率攻击图的云环境攻击场景构建方法. 通信学报. 2021(01): 1-17 .
    6. 潘亚峰,朱俊虎,周天阳. APT攻击场景重构方法综述. 信息工程大学学报. 2021(01): 55-60+80 .
    7. 罗智勇,杨旭,刘嘉辉,许瑞. 基于贝叶斯攻击图的网络入侵意图分析模型. 通信学报. 2020(09): 160-169 .
    8. 王硕,王建华,汤光明,裴庆祺,张玉臣,刘小虎. 一种智能高效的最优渗透路径生成方法. 计算机研究与发展. 2019(05): 929-941 . 本站查看
    9. 吴东,郭春,申国伟. 一种基于多因素的告警关联方法. 计算机与现代化. 2019(06): 30-37 .
    10. 韩宜轩,秦元庆. 基于因果关联的电力工控系统攻击场景还原. 信息技术. 2019(08): 41-44+48 .

    Other cited types(13)

Catalog

    Get Citation
    PDF
    XML
    Article views (1382) PDF downloads (589) Cited by(23)
    Turn off MathJax
    Article Contents
    Abstract
    Related Articles
    Email Alert RSS
    微信订阅号<br/>(实时资讯)

    微信订阅号
    (实时资讯)

    微信服务号<br/>(同步网站)

    微信服务号
    (同步网站)

    微信视频号<br/>(视频分享)

    微信视频号
    (视频分享)

    CCF<br/>(扫码入会)

    CCF
    (扫码入会)

    Copyright © Editorial Department of Computer Research and Development

    Supported by: Beijing Renhe Information Technology Co., Ltd. Baidu Analytics

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return