Proceedings of the Nineteenth International Conference on Computational Intelligence and Security (CIS 2023)
December 1 – 4, 2023, Haikou, China
Multi-Stage Attack Prediction Model Based on Attack Warning Weight Clustering
School of Computer Science and Engineering, Xi'an University of Technology, China.
ABSTRACT
Advanced Persistent Threat (APT) attacks have become one of the biggest threats to network security at present; they are mainly characterized by the use of multi-stage attacks to achieve the attack purpose. Many researchers have devoted themselves to this problem, and the current common methods of network attack prediction are attack graph models, game theory models, Bayesian networks, etc. These methods have their own shortcomings. In this paper, we propose a multi-stage attack prediction model based on the Hidden Markov Model (HMM). The model detects attack warnings with the Snort intrusion detection system, preprocesses the detected attack warning data and then clusters it, with weights added to the clustering in order to cluster different types of attacks. The clustering result is then used as the observation state of the HMM, and finally the HMM carries out prediction on the clustered data. The experimental results show that the proposed model performs well across attack sequences of different lengths: the highest correct prediction rate, 93%, is achieved when the length of the attack sequence is 4, and the correct prediction rate is 80% even when the length of the attack sequence is 10.
Keywords: Multi-stage attack prediction, Hidden Markov model, Intrusion detection.

