Research On Intrusion Detection Based On Plan Recognition

The explosive growth of storage and computing capabilities in recent years has enabled people to obtain information more comprehensively and in real time than before.While people are provided a more convenient and efficient service,a huge amount of data information is generated.The extremely difficult to convert massive amounts of data into business needs has a huge impact on every fields.In the security field,it brings greater revolutions.Traditional network security protection depends on the breadth and depth of the security experts' own knowledge.However,with the endless security loopholes and the variety of attack utilization methods,the security protection methods relying on professionals are unable to meet the demand,people begin to focus on using automatic methods to solve problems.Therefore,the use of artificial intelligence for security protection has become a new hot spot.The intrusion detection method based on plan recognition was researched in this article.Mainly conduct research from the following aspects:First of all,traditional machine learning methods are classified according to whether the operations are dangerous or not.The common marks are normal or attack.This method has a better ability to identify known types of intrusion attacks,but it lacks the ability to handle misleading actions.To deal with the shortcoming,this paper uses a plan recognition algorithm,which is combined with hidden Markov networks,to add the concept of hidden nodes on the basis of the original method,and reduces uncertainty through the conversion relationship between observable behavior and hidden purpose.The impact caused in the analysis of association relationships is reduced,thereby the ability to handle misleading actions is improved.Secondly,a plan recognition method for multi-agent collaboration analysis-the PIMCA method was proposed in this paper.This method targets the intrusion behavior with more complicated data structure,and uses the bag of words model and TF-IDF model to extract the features of the data.This method designs multi-level agents to work in parallel,which abstracts the complex data features of the initial input layer by layer,that is one layer of abstract feature attributes is used as an input to the next layer.Each layer of Agent performs feature abstraction,an activation function is added to the output of each layer at the same time,which is to prevent simple linear connections from identifying poorly in the actual environment.At last,the method is verified in the Spam-related data set Enron-Spam,and the results show that the method still has better recognition performance and better calculation efficiency when the input data is relatively complicated.Finally,the more classic Schonlau data set was selected from multiple datasets to verify the practicability of the proposed algorithm.Compared with other methods,the planning recognition method proposed in this paper effectively improves the recognition effect,and has a good use effect in scenarios such as malicious behavior detection.