
Research On Key Technologies Of Network Multi-Step Attack Scene Recognition And Prediction

Posted on: 2018-07-02
Degree: Master
Type: Thesis
Country: China
Candidate: Y Z Ma
Full Text: PDF
GTID: 2348330542972246
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of computer networks and Internet technology, more and more network security problems occur. Intrusion detection tools came into being to address these problems. Existing intrusion detection tools detect network security incidents by matching rules against the characteristics of network attacks. Network attacks that are not covered by the specified rules are difficult to detect, especially multi-step attacks. It is therefore of great importance to use the network security events detected by existing intrusion detection tools to find the potential relationships among network attacks, analyze and process them comprehensively, recognize the complete network attack scene, and predict network attacks, so that network security can be monitored and protected effectively.

On the problem of multi-step attack scene recognition, existing intrusion detection tools can only produce single network security events; they cannot detect, from these events, the complete attack process, that is, the whole network attack scenario. In this paper, a novel IP-FPGrowth method based on high-frequency IP-related network security events is proposed to solve the problem of large data volume and redundant data in traditional network security events. The method first preprocesses a large number of network security log events and eliminates redundant data. The FPGrowth algorithm is then used to find high-frequency IPs and correlate network security events to restore the complete process of network attack scenarios. By comparing experimental results with those of the FPGrowth algorithm, the accuracy, efficiency and recognition ability of the proposed IP-FPGrowth algorithm are verified on the DARPA1999 and DARPA2000 datasets.

Existing intrusion detection tools can only detect network attacks that have already occurred and cannot predict network attacks. To solve the network multi-step attack prediction problem, a GA-HMM model based on the Hidden Markov Model (HMM) and the Genetic Algorithm (GA) is proposed. By combining the genetic algorithm, the model avoids the traditional HMM's tendency to become trapped in a local minimum. By comparing experimental results with those of the HMM model, the accuracy and stability of the GA-HMM network attack prediction model are verified on the DARPA2000 datasets.
Keywords/Search Tags: Network attack scenario recognition, IP-FPGrowth algorithm, Network attack prediction, GA-HMM model