Abstract

Abstract:

Traditional intrusion detection systems only provide a great amount of indefendent and original attack alarming information,which does not help the users and IDSs to respond to the attacks in time. So the lower level alarming information is needed to build a higher level attack scenario. The paper proposes a method of dinamically buiding a real-time attack scenario using the colored Petri nets principle. The method firstly uses the colored Petri netsdescribe the attack scenario, matches and builds the corresponding attack scenario with the ratio of the expanded association matrix, and verifies and checks the omitted attacks, predicts the next possible attack according to the built sub-attack scenario network; and meanwhile builds a new attack s cenario mode by using a method of sub-attack scenario merge.

Key words: intrusion detection, scenario, association, colored Petri net

[1]	JING Yongjun, WANG Hao, SHAO Kun, WANG Xiaofeng. A network intrusion detection method based on graph heat kernel diffusion convolution [J]. Computer Engineering & Science, 2025, 47(03): 459-471.
[2]	LIU Pei, LIU Chang-hua, LIN Qiao-ling . An intrusion detection model for vehicular networks based on optimized feature stacking and ensemb [J]. Computer Engineering & Science, 2024, 46(12): 2186-2195.
[3]	XIAO Xin-zheng, HUANG Rui-zhang, CHEN Yan-ping, QIN Yong-bin, SONG Yu-mei, ZHOU Yu-lin, . Corrective-Net: A label association learning module for multi-label text classification [J]. Computer Engineering & Science, 2024, 46(06): 1092-1100.
[4]	TAN Yu-song, WANG Wei, JIAN Song-lei, YI Chao-xiong. Weakly-supervised IDS with abnormal-preserving transformation learning [J]. Computer Engineering & Science, 2024, 46(05): 801-809.
[5]	LEI Xuan, CHENG Guang, ZHANG Yu-jian, GUO Liang, ZHANG Fu-cun. Association analysis of alarm information based on power network situation awareness platform [J]. Computer Engineering & Science, 2023, 45(07): 1197-1208.
[6]	. Double-Bagging based feature dimension reduction heterogenous integrated intrusion detection [J]. Computer Engineering & Science, 2023, 45(06): 1011-1019.
[7]	LIN Kai-zhi, ZONG Yan-yan, SUN Long-ling, . Research on PCIe topology application of AI server [J]. Computer Engineering & Science, 2022, 44(03): 390-395.
[8]	LIU Yun, ZHENG Wen-feng, ZHANG Yi. Optimization of intrusion detection feature extraction by cost constraint algorithm [J]. Computer Engineering & Science, 2022, 44(03): 447-453.
[9]	XIONG Zhong-min, WANG Bo, TAO Ran, ZHENG Zong-sheng, CHEN Ming, . An association rule mining reduction algorithm based on determining prime attributes [J]. Computer Engineering & Science, 2021, 43(04): 738-745.
[10]	JI Peng-shan, JIA Xiang-dong, LU Yi, XU Wen-juan. Conditional decoupling design framework and performance analysis of dual-connectivity NOMA heterogeneous networks [J]. Computer Engineering & Science, 2020, 42(07): 1174-1183.
[11]	YANG Lan-yan, JIN Min, ZHANG Ying-chun, ZHANG Xun. A MLKNN multi-label classification algorithm based on association rules [J]. Computer Engineering & Science, 2020, 42(07): 1309-1317.
[12]	LI Xing-chen,LIU Xiao-ming,CHENG Xiao-nan. A multi-target tracking algorithm based on YOLO detection [J]. Computer Engineering & Science, 2020, 42(04): 665-672.
[13]	ZHU Shi-song，BA Meng-long，WANG Hui，SHEN Zi-hao. An intrusion detection technology based on NBSR model [J]. Computer Engineering & Science, 2020, 42(03): 427-433.
[14]	YANG Qing1,2,3,ZHANG Ya-wen1,2,ZHANG Qin1,YUAN Pei-ling1. Research and application of a multidimensional association rules mining algorithm based on Hadoop [J]. Computer Engineering & Science, 2019, 41(12): 2127-2133.
[15]	LIAO Ji-yong,WU Sheng,LIU Ai-lian. An improved Apriori algorithm based on Boolean matrix reduction [J]. Computer Engineering & Science, 2019, 41(12): 2231-2238.

PDF

Knowledge

Abstract

Cite this article

share this article

Related Articles 15

Recommended Articles

Metrics

Comments