Network attack plan recognition algorithm based on the extended goal graph

CORC > 北京大学 > 计算机科学技术研究所

	Network attack plan recognition algorithm based on the extended goal graph
	Zhuge, Jian-Wei ; Han, Xin-Hui ; Ye, Zhi-Yuan ; Zou, Wei
刊名	jisuanji xuebaochinese journal of computers
	2006
英文摘要	Based on the classical plan recognition methods in the domain of artificial intelligence, and considering the characteristics of attack plan recognition problem in the domain of network security operation, this paper extends the goal graph model, introducing the observation node to distinguish the planner's actions and the recognizer's observations against the actions, replacing the unitary action nodes using the hierarchy composed with detail actions and abstract actions, maintaining the precondition and effect conditions between the actions and security states in the abstract action level according to the abstract attack patterns, therefore, proposes the Extended Goal Graph (EGG) model. Furthermore, this paper proposes an attack plan recognition algorithm based on the Extended Goal Graph, the algorithm can recognize the hidden attack intention and plan from the large volume of low level intrusion detection system alerts correctly and effectively. Through the experiments using DARPA 2000 intrusion scenario correlation benchmark dataset and in-the-wild botnet scenarios data captured in the honeynet, the results show the completeness and soundness of the algorithm, as well as its advantage beyond the alert correlation systems such as TIAA5.; EI; 0; 8; 1356-1366; 29
语种	英语
内容类型	期刊论文
源URL	[http://ir.pku.edu.cn/handle/20.500.11897/321348]
专题	计算机科学技术研究所
推荐引用方式 GB/T 7714	Zhuge, Jian-Wei,Han, Xin-Hui,Ye, Zhi-Yuan,et al. Network attack plan recognition algorithm based on the extended goal graph[J]. jisuanji xuebaochinese journal of computers,2006.
APA	Zhuge, Jian-Wei,Han, Xin-Hui,Ye, Zhi-Yuan,&Zou, Wei.(2006).Network attack plan recognition algorithm based on the extended goal graph.jisuanji xuebaochinese journal of computers.
MLA	Zhuge, Jian-Wei,et al."Network attack plan recognition algorithm based on the extended goal graph".jisuanji xuebaochinese journal of computers (2006).