Design And Implementation Of Multi-step Network Attack Prediction Model Based On Deep Learning

With the rapid development of Internet technology,the network can provide more and more services.More network services to bring people a more convenient way of life,but also brings more network security issues.Multiple hosts work together to implement multiple related multi-step attacks are the development trend of network attacks.Intrusion detection system(IDS)as an active defense technology,more and more people's attention.Network attack prediction is an important part of risk management.How to give IDS the ability to correlate and predict multistep attacks has become an urgent problem to be solved.At present,the main problems in intrusion detection system(IDS)are:(1)the alarm information is too large to make the attack scenarios of different attackers difficult to be identified and understood;(2)only the attack can be detected and the attacker can not predict the next attack.In the past,the responsibility of rebuilding a complete attack scenario was mainly left to the security analysts.However,due to the continuous development of the attack activities,the alarm events were massive and of low value,and the administrators manually analyzed the attack activities from these trivial alarms The whole picture or the whole scene is impossible.In this regard,the relevant personnel made a lot of meaningful research.The main problems with these research programs are(1)relying on human prior knowledge of compound attacks;(2)effective and non-portable for specific attacks or specific networks.Around the current problems,this paper has done the following work:(1)Combined with IDS log,the attack sequence and the related concepts are defined.Based on the related definition,the algorithm of attack scene reconstruction is proposed.The algorithm can process IDS logs to extract all attack sequences contained in IDS logs.(2)Aiming at the attack sequences extracted from the attack scene reconstruction algorithm,a universal coding method for each network is proposed.This encoding can extract the different LAN attacks sequence into a unified format.(3)Aiming at the encoded attack sequences,a deep neural network based on depth learning is constructed.The network can predict the source IP address,destination IP address,and attack name associated with the next attack.(4)Introduce the mechanism of continuous learning on the whole model.This mechanism allows the model to constantly update itself over time.(5)The accuracy of compound attack reconstruction,the accuracy of neural network prediction and the availability of the whole model are verified through experiments.