Route Prediction Method for Network Intrusion Using Absorbing Markov Chain

Hu Hao; Liu Yuling; Zhang Hongqi; Yang Yingjie; Ye Runguo

doi:10.7544/issn1000-1239.2018.20170087

Journal of Computer Research and Development > 2018 > 55(4): 831-845. > DOI: 10.7544/issn1000-1239.2018.20170087 CSTR: 32373.14.issn1000-1239.2018.20170087

Hu Hao, Liu Yuling, Zhang Hongqi, Yang Yingjie, Ye Runguo. Route Prediction Method for Network Intrusion Using Absorbing Markov Chain[J]. Journal of Computer Research and Development, 2018, 55(4): 831-845. DOI: 10.7544/issn1000-1239.2018.20170087

Citation:

PDF (3169 KB)

Route Prediction Method for Network Intrusion Using Absorbing Markov Chain

¹(PLA Information Engineering University, Zhengzhou 450001)
²(Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190)
³(Henan Key Laboratory of Information Security, Zhengzhou 450001)
⁴(China Electronics Standardization Institute, Beijing 100007)

More Information

Published Date: March 31, 2018

Graphical Abstract

Abstract

Abstract

Predictions of network intrusion intention and path are very significant for the security administrator to comprehend the possible threat behaviors of attackers deeply. Existing reports mainly focus on the path prediction under the ideal attack scenario. However, the ideal attack paths are not the real-world paths adopted by the intruders entirely. In order to predict the attack path information of network intrusion accurately and comprehensively, a novel route prediction method based on absorbing Markov chain (AMC) is proposed in this paper. Firstly, a normalization algorithm for state transition probability of AMC is designed with the Markov and absorption properties, then the complete attack graph (AG) proved can be mapped into the AMC. In addition, the probability metric for state transition based on common vulnerability scoring system (CVSS) is designed. Finally, the detailed steps for predicting expected number of visits to attack state and expected number of route lengths are further put forward respectively. Experimental analysis results indicate that our method can quantify the probability distribution of routes with different attack lengths, and calculate the expected number of route lengths. Moreover, it can predict the expected number of atomic attacks needed to compromise the attack goal. The predictions can be used in node threat ranking. Hence, our approach provides more guidance for network security protection in response to network attack threat timely.
- intrusion route prediction,
- attack graph (AG),
- absorbing Markov chains (AMC),
- expected route length,
- node threat ranking

FullText(HTML)

References (0)

Cited By

Cited by

Periodical cited type(12)

1.	晏燕，吕雅琴，李飞飞. 基于Huffman编码的移动终端本地差分隐私位置保护. 计算机科学与探索. 2025(03): 802-817 .
2.	张治政，张啸剑，王俊清，冯光辉. 结合差分隐私与安全聚集的联邦空间数据发布方法. 计算机应用. 2024(09): 2777-2784 .
3.	朱友文，唐聪，吴启晖，张焱. 个性化本地差分隐私机制的研究现状与展望. 南京航空航天大学学报. 2024(05): 784-800 .
4.	刘利康，周春来. RCP:本地差分隐私下的均值保护技术. 计算机科学. 2023(02): 333-345 .
5.	晏燕，董卓越，徐飞，冯涛. 一种Hilbert编码的本地化位置隐私保护方法. 西安电子科技大学学报. 2023(02): 147-160 .
6.	唐涛，张磊，段勇，杨立超，张泽. 混淆查询区域下的电网多维数据聚合查询方法研究. 自动化仪表. 2023(08): 73-78 .
7.	晏燕，丛一鸣，Adnan Mahmood，盛权政. 基于深度学习的位置大数据统计发布与隐私保护方法. 通信学报. 2022(01): 203-216 .
8.	金媛媛，倪志伟，朱旭辉，陈恒恒，陈千. 基于本地差分隐私的空间数据自适应划分算法. 计算机工程. 2022(05): 136-144 .
9.	张啸剑，徐雅鑫，孟小峰. 基于本地化差分隐私的空间数据近似k-近邻查询. 计算机研究与发展. 2022(07): 1610-1624 . 本站查看
10.	曹依然，朱友文，贺星宇，张跃. 效用优化的本地差分隐私集合数据频率估计机制. 计算机研究与发展. 2022(10): 2261-2274 . 本站查看
11.	刘俊岭，刘柏何，邹鑫源，孙焕良 . 面向空间兴趣区域的路线查询. 计算机研究与发展. 2022(11): 2569-2580 . 本站查看
12.	王明月，张兴，李万杰，张青云，李晓会. 面向数据发布的隐私保护技术研究综述. 小型微型计算机系统. 2020(12): 2657-2667 .