基于FP-Growth算法及补偿性入侵证据的攻击意图识别

针对现有方法的入侵证据单一,系统资源消耗大及最终结果不准确等问题,提出了一种新的攻击意图识别方法.将IDS的告警事件与其他安全工具如扫描器等的数据相融合,构成补偿性入侵证据,并在此基础上使用贝叶斯网络构建攻击场景;使用FP-Growth算法从攻击场景中挖掘出频繁攻击模式;最终将产生的频繁攻击模式关联以重构攻击路径,从而推断最可能的攻击意图.实验结果表明,该方法可准确识别攻击意图并有效节省系统资源.

Recognition of Attack Strategy Based on FP-Growth Algorithm and Compensatory Intrusion Evidence

Limitations existed with current methods for attack intention recognition. For instance, they lacked compensatory intrusion evidences, cost enormous system resources and had low precision. To avoid the above flaws, a novel and effective method is proposed. The method generated compensatory intrusion evidences by fusing data from IDS and other security kits like scanner. Then, Bayesian-based attack scenarios were constructed where frequent attack patterns were identified using an efficient data-mining algorithm based on frequent patterns. Finally, attack paths were rebuilt by re-correlating frequent attack patterns mined in the scenarios to judge possible attack strategies precisely. The experimental results demonstrate the capability of the proposed method in rebuilding attack paths, recognizing attack intentions as well as in saving system resources.