
Research On Attack Scenario Construction And Prediction Based On Causal Knowledge Network

Posted on: 2018-10-05
Degree: Master
Type: Thesis
Country: China
Candidate: S Wang
GTID: 2348330563951254
Subject: Military Equipment

Abstract/Summary:
With the deepening informatization of military equipment, security defense for military information networks is becoming more and more important. Attack scenario construction and prediction technology can show the attack behavior in the current network and predict the next possible attack behavior. To give defenders a timely and effective basis for decision-making, accurate, efficient, and intelligent attack scenario construction and prediction must be studied. Such study can not only improve the active defense capability of network security, but is also very significant for enhancing the informatization management and support capability of military equipment. The main work of this paper is as follows:

1. This paper puts forward a framework for attack scenario construction and prediction based on the causal knowledge network, to provide theoretical guidance for scenario construction and prediction. The causal knowledge network uses graph and probability forms to represent all the known attack scenarios in the target network. The current alarms are matched against the causal knowledge network, and the attack scenario is constructed using knowledge inference. On the basis of the established attack scenario, the paper proposes an attack scenario prediction method based on the causal knowledge network.

2. This paper proposes a construction method for the causal knowledge network, to lay the foundation for attack scenario construction and prediction. By modeling the target network and attack patterns, the attack patterns are instantiated into atomic attacks, and the causal relationship network is generated by a match-the-index strategy. Using the historical alarm library, a data mining method is used to generate the causal knowledge, and significance testing is applied to ensure the accuracy of the knowledge; finally, an update mechanism for the causal knowledge network is given. Theoretical analysis and experimental verification show that this method can guarantee the overall importance, freshness and construction efficiency of the causal knowledge network.

3. An attack scenario construction method based on the causal knowledge network is proposed, which solves the problem of inaccurate attack scenario construction caused by false alarms. The causes of false negative errors in network security equipment and their impact on attack scenario construction are analyzed. Combined with the causal knowledge network, theoretical analysis shows that maximum a posteriori estimation is suitable for solving the problem of attack scenario construction under false negative conditions. Finally, based on the causal knowledge network, a method of attack scenario construction using maximum a posteriori estimation reasoning is proposed. The experimental results show that this method can effectively solve the problem of attack scenario construction under false negative conditions.

4. This paper proposes an attack scenario prediction method based on the causal knowledge network, which solves the problem that existing attack scenario prediction cannot accurately reflect the influence of the attacker's attack ability on the future attack path. The influence of the attacker's ability on attack scenario prediction is analyzed. A dynamic adjustment method for causal knowledge, which varies with changes in the attacker's ability, is proposed to infer the attacker's ability level according to the attack behavior that the attacker has already implemented. Finally, based on the causal knowledge network, an attack scenario prediction method based on reasoning about the attacker's ability is proposed. The experimental results show that the method is appropriate for the actual environment of network confrontation and can improve the accuracy of attack scenario prediction.

Finally, the work of this paper is summarized, and future research on attack scenario construction and prediction is outlined.
Keywords/Search Tags: attack scenario construction, attack scenario prediction, causal knowledge network, data mining, attacker's ability