The rapid development of the Internet has brought convenience to daily life, yet it has also increased the vulnerabilities of various network software and systems. When these vulnerabilities are exploited by adversaries, the impact on many Internet users can be severe. In response to the growing number of network threats, cybersecurity researchers emphasize the analysis of abnormal network traffic with machine learning algorithms to predict possible network attacks. At present, network detection achieves high recognition accuracy for potential network attacks. However, for identified network threats, security researchers still depend mostly on their own expertise to resolve or mitigate the attacks, because there is a lack of models that can automatically generate countermeasures to aid decision-making. This thesis presents research on a network attack prediction and countermeasure generation system to address these problems, with the following main research areas:

(1) In response to the lack of generality of most cyber security knowledge graphs, this thesis constructs a common cyber security knowledge graph to provide data support for countermeasure generation. First, the massive, heterogeneous open-source cyber security databases are analyzed and crawled using crawler technology. Then, the unified cybersecurity ontology is reused and its schema-layer concepts are refined to build the common cyber security ontology. After data processing, the massive knowledge is stored in the form of quaternions. Finally, a common cyber security knowledge graph is constructed in a top-down manner, and an automatic-update concept and modules are introduced so that the cyber security knowledge graph updates itself in response to rapid changes in the real world.

(2) In order to predict network attacks and the vulnerabilities they exploit, and to provide more accurate threat prediction results for countermeasure generation, this thesis builds on the particle swarm optimization support vector machine, proposes the logarithmic adaptive mean particle swarm optimization support vector machine algorithm, and applies it to network attack and vulnerability exploitation prediction. Based on the particle swarm optimization algorithm, the proposed algorithm uses a logarithmic function to dynamically adjust the value of the inertia factor and introduces a mean value function to optimize the velocity update equation. Compared with several algorithms on common datasets, it performs better in both accuracy and time. Using the public Lincoln Laboratory dataset, this thesis applies the algorithm to the prediction of network attacks and the vulnerabilities they exploit, and it achieves better prediction performance in both areas.

(3) In order to automatically generate reliable countermeasures against vulnerability-exploitation cyber threats, this thesis proposes an ontology-based reasoning method for countermeasure generation. The countermeasure reasoning rules are designed in the Semantic Web Rule Language. Combining these rules with the cyber security knowledge graph constructed in this thesis, the method derives feasible defense schemes for the vulnerabilities that network attacks can exploit, providing support for confronting cyber security threats. Finally, the feasibility of the proposed countermeasure generation method is verified experimentally.

(4) In order to verify the feasibility of the network attack and vulnerability exploitation prediction model and the countermeasure generation method proposed in this thesis, a network attack prediction and countermeasure generation system is designed and implemented. The system combines the common cyber security knowledge graph, the network attack prediction model, the vulnerability exploitation prediction model and the countermeasure generation method. Experimental verification and analysis show that the system can predict abnormal traffic and the vulnerabilities it may exploit more accurately, and can generate the corresponding countermeasures according to those vulnerabilities, which gives it practical application value.
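The abstract describes the two modifications that distinguish the proposed optimizer from standard particle swarm optimization (a logarithmically adjusted inertia factor and a mean-value term in the velocity update) without giving their formulas. The following is an added illustration, not code from the thesis: the schedule w(t) = w_max - (w_max - w_min) * ln(1+t)/ln(1+T) and the attraction toward the mean of all personal bests are assumed forms chosen to show the idea, and the objective is a constructed quadratic standing in for the SVM cross-validation error over its (C, gamma) hyperparameters. A conventional linear inertia schedule is included so the two can be compared on the same run.

```python
"""Particle swarm optimisation (PSO) with a logarithmic adaptive inertia
weight and a mean-value term in the velocity update.

Added illustration, not the thesis's code. The concrete forms below
(w(t) = w_max - (w_max - w_min) * ln(1+t)/ln(1+T), and an attraction toward
the mean of all personal bests) are assumptions. The objective is a synthetic
quadratic standing in for the SVM cross-validation error over (C, gamma)."""
import math
import random


def linear_inertia(t, t_max, w_max=0.9, w_min=0.4):
    # conventional linearly decreasing inertia weight, kept for comparison
    return w_max - (w_max - w_min) * t / t_max


def log_inertia(t, t_max, w_max=0.9, w_min=0.4):
    # assumed logarithmic schedule: drops fast early (exploration),
    # then flattens so the swarm spends most iterations exploiting
    return w_max - (w_max - w_min) * math.log(1 + t) / math.log(1 + t_max)


def surrogate_cv_error(x):
    # constructed objective with its minimum 0 at (1.5, -2.0); in the thesis
    # this would be the SVM's validation error at (log C, log gamma)
    return (x[0] - 1.5) ** 2 + (x[1] + 2.0) ** 2


def pso(objective, inertia=log_inertia, dim=2, n_particles=30, t_max=300,
        bounds=(-5.0, 5.0), c1=1.0, c2=1.0, c3=0.4, seed=0):
    """Minimise `objective`; returns (best_position, best_value, evaluations)."""
    rng = random.Random(seed)
    lo, hi = bounds
    pos = [[rng.uniform(lo, hi) for _ in range(dim)] for _ in range(n_particles)]
    vel = [[0.0] * dim for _ in range(n_particles)]
    pbest = [p[:] for p in pos]
    pbest_val = [objective(p) for p in pos]
    evals = n_particles
    g = min(range(n_particles), key=pbest_val.__getitem__)
    gbest, gbest_val = pbest[g][:], pbest_val[g]
    for t in range(t_max):
        w = inertia(t, t_max)
        # mean of all personal bests: the assumed "mean value" term pulls each
        # particle toward the swarm's collective experience rather than only
        # toward the single global leader, which damps premature convergence
        mean_pbest = [sum(pb[d] for pb in pbest) / n_particles for d in range(dim)]
        for i in range(n_particles):
            for d in range(dim):
                r1, r2, r3 = rng.random(), rng.random(), rng.random()
                vel[i][d] = (w * vel[i][d]
                             + c1 * r1 * (pbest[i][d] - pos[i][d])
                             + c2 * r2 * (gbest[d] - pos[i][d])
                             + c3 * r3 * (mean_pbest[d] - pos[i][d]))
                # keep the particle inside the search box
                pos[i][d] = min(hi, max(lo, pos[i][d] + vel[i][d]))
            val = objective(pos[i])
            evals += 1
            if val < pbest_val[i]:
                pbest[i], pbest_val[i] = pos[i][:], val
                if val < gbest_val:
                    gbest, gbest_val = pos[i][:], val
    return gbest, gbest_val, evals


if __name__ == "__main__":
    for name, sched in (("linear", linear_inertia), ("logarithmic", log_inertia)):
        best, val, n = pso(surrogate_cv_error, inertia=sched)
        print(f"{name:12s} best={[round(b, 4) for b in best]} "
              f"value={val:.2e} evals={n}")
```

The acceleration coefficients are kept small (c1 + c2 + c3 = 2.4) so that the swarm remains stable once the inertia weight has decayed to w_min; with the extra mean-value term, the usual c1 = c2 = 2 settings would push the sum past the point where particles oscillate instead of settling.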
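Research areas (1) and (3) together describe storing knowledge as quaternions and deriving defenses by applying countermeasure reasoning rules over the knowledge graph. The following is an added example, not the thesis's code or data: the graph is a constructed set of (subject, predicate, object, source) quads with placeholder vulnerability identifiers (VULN-EXAMPLE-1, VULN-EXAMPLE-2, not real CVEs), the `uco:` property names are assumed for illustration, and the two SWRL-style rules (a vendor fix recorded for the exploited vulnerability, or a generic mitigation of its weakness class) are an assumed shape of the rules the thesis designs. The rules are rendered as a small forward-chaining engine so the derivation can be run directly.

```python
"""Rule-based countermeasure reasoning over a small cyber security knowledge
graph stored as quads (subject, predicate, object, source).

Added example, not the thesis's code. Facts and identifiers are constructed
placeholders; the `uco:` predicate names and the two rules are assumptions."""
from collections import defaultdict

# Constructed facts; VULN-EXAMPLE-* are placeholders, not real CVE ids
FACTS = [
    ("attack:WebShellUpload", "rdf:type", "uco:Attack", "constructed"),
    ("attack:WebShellUpload", "uco:exploits", "vuln:VULN-EXAMPLE-1", "constructed"),
    ("vuln:VULN-EXAMPLE-1", "rdf:type", "uco:Vulnerability", "constructed"),
    ("vuln:VULN-EXAMPLE-1", "uco:hasMitigation", "cm:PatchExampleCMS-2.4", "constructed"),
    ("vuln:VULN-EXAMPLE-1", "uco:hasWeakness", "cwe:CWE-434", "constructed"),
    ("cwe:CWE-434", "uco:hasGenericMitigation", "cm:ValidateUploadType", "constructed"),
    ("attack:DirTraversal", "rdf:type", "uco:Attack", "constructed"),
    ("attack:DirTraversal", "uco:exploits", "vuln:VULN-EXAMPLE-2", "constructed"),
    ("vuln:VULN-EXAMPLE-2", "rdf:type", "uco:Vulnerability", "constructed"),
    # VULN-EXAMPLE-2 has no vendor fix recorded, only its weakness class
    ("vuln:VULN-EXAMPLE-2", "uco:hasWeakness", "cwe:CWE-22", "constructed"),
    ("cwe:CWE-22", "uco:hasGenericMitigation", "cm:CanonicalizePaths", "constructed"),
]


class KnowledgeGraph:
    def __init__(self, quads):
        self.quads = set()
        self.index = defaultdict(set)  # (subject, predicate) -> objects
        for s, p, o, src in quads:
            self.add(s, p, o, src)

    def add(self, s, p, o, source):
        """Insert a quad; return True only if it was not already present."""
        if (s, p, o, source) in self.quads:
            return False
        self.quads.add((s, p, o, source))
        self.index[(s, p)].add(o)
        return True

    def triples(self):
        return {(s, p, o) for s, p, o, _ in self.quads}


def _match(pattern, triple, binding):
    """Unify one pattern triple (terms starting with '?' are variables)
    against a fact; return the extended binding or None on conflict."""
    b = dict(binding)
    for term, value in zip(pattern, triple):
        if term.startswith("?"):
            if term in b and b[term] != value:
                return None
            b[term] = value
        elif term != value:
            return None
    return b


def _solve(patterns, triples, binding=None):
    """Enumerate every binding satisfying the conjunction of patterns."""
    binding = binding or {}
    if not patterns:
        yield binding
        return
    first, rest = patterns[0], patterns[1:]
    for triple in triples:
        b = _match(first, triple, binding)
        if b is not None:
            yield from _solve(rest, triples, b)


# Each rule: (body patterns, head pattern), in the spirit of an SWRL rule
# Attack(?a) ^ exploits(?a,?v) ^ hasMitigation(?v,?c) -> recommendedCountermeasure(?a,?c)
RULES = [
    ([("?a", "rdf:type", "uco:Attack"), ("?a", "uco:exploits", "?v"),
      ("?v", "uco:hasMitigation", "?c")],
     ("?a", "uco:recommendedCountermeasure", "?c")),
    # fallback: generic mitigation of the vulnerability's weakness class
    ([("?a", "rdf:type", "uco:Attack"), ("?a", "uco:exploits", "?v"),
      ("?v", "uco:hasWeakness", "?w"), ("?w", "uco:hasGenericMitigation", "?c")],
     ("?a", "uco:recommendedCountermeasure", "?c")),
]


def forward_chain(graph, rules):
    """Apply all rules until no new fact is derived; return the number derived."""
    derived, changed = 0, True
    while changed:
        changed = False
        snapshot = graph.triples()
        for body, head in rules:
            for b in _solve(body, snapshot):
                s, p, o = (b.get(t, t) for t in head)
                if graph.add(s, p, o, "derived"):
                    derived += 1
                    changed = True
    return derived


def countermeasures_for(graph, attack):
    return sorted(graph.index.get((attack, "uco:recommendedCountermeasure"), ()))


if __name__ == "__main__":
    kg = KnowledgeGraph(FACTS)
    print("derived facts:", forward_chain(kg, RULES))
    for a in ("attack:WebShellUpload", "attack:DirTraversal"):
        print(a, "->", countermeasures_for(kg, a))
```

Keeping the fourth element of each quad as a provenance marker lets derived facts be told apart from crawled ones, which matters for the automatic-update mechanism described in area (1): when a source record is refreshed, only the facts tagged with that source need to be withdrawn and the derivations recomputed.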