Compound Attack Prediction Method Based on Improved Algorithm of Hidden Markov Model
Network attacks are developing in the direction of concealment, complexity, multi-step, etc., making it difficult to identify and predict. In order to solve the problems such as the difficulty of determining the matching degree of the network attack, the difficulty of predicting the attack intention, and the incorrect calculation of the alarm intent sequence due to the incorrect alarm information, a hidden Markov model based on improved algorithm composite attack prediction is proposed. Firstly, in order to improve the learning ability and adaptability of the algorithm, an improved Baum-Welch algorithm is proposed to train the hidden Markov model (HMM) and generate new HMMs. Then use the Forward algorithm to calculate the HMM with the maximum probability of generating a pre-processed alarm message sequence. When the alarm message sequence is misreported, the attack intent sequence obtained by the classic Viterbi algorithm may be biased. This paper improves the Viterbi algorithm to make the extracted attack intention sequence more accurate. Finally, simulation results show that the model can effectively extract attack intention sequence and improve the accuracy of compound attack prediction.
Geng N(2015,). Approach to Forecasting Multi-Step Attack Using Hidden Markov Model Based on Particle Swarm Optimization. Telecom Power Technologies, 000(003), 69-71.
Langley, Pat,Simon, et al(1995,). Applications of machine learning and rule induction. Communications of the ACM, 38(11), 54-64.
Ming-Yuh Huang, Robert J. Jasper, et al(1999,). A large scale distributed intrusion detection framework based on attack strategy analysis. Computer Networks, 31(23/24), 2465-2475.
Bao XH, Dai YX ,Feng P H, et al(2005,). A Detection and Forecast Algorithm for Multi-Step Attack Based on Intrusion Intention. Journal of Software, 16(12), 2132-2138.
Yan F, Huang H, et al(2006,). A Detection Algorithm for Multi-Step Attack Based on CTPN. Chinese Journal of Computers, 029(008), 1383-1391.
Chen C, Yan B P, Li J(2011,). Forecast Algorithm for Multi-step Attack Based on Attack Utility. Microellectronics & Computer, 028(003), 81-84.
Pilar Holgado, VICTOR A. VILLAGRA, Luis Vazquez(2017,). Real-time multistep attack prediction based on Hidden Markov Models. IEEE Transactions on Dependable and Secure Computing, (99), 1-1.
Wang H, et al(2018,). Intrusion Prediction Algorithm Based on Correlation Attack Graph. Computer Engineering, 044(007), 131-138.
Ju AK, Guo Y B,et al(2019,). Multi-step attack detection method based on network communication anomaly recognition. Journal on Communications, 040(007), 57-66.
Zhang Y X, Zhao D M, Liu J X(2013,). Approach to Forecasting Multi-step Attack Based on Fuzzy Hidden Markov Model. Journal of Applied sciences, 13(22), 955-4960.
Li C Y, Qi Y D, Wang X H, et al(2019,). DDoS Attack and Defense Confrontation Evaluation Based on Attack and Defense Game and Stochastic Petri Net. Computer Systems & Applications, 28(01), 27-33.
Juan J. Flores, Felix Calderon, Anastacio Antolino, et al(2015,). Network anomaly detection by continuous hidden markov models: An evolutionary programming approach. Intelligent Data Analysis, 19(2), 391-412.
Apurva S, Deepak R(2015,). Post-Attack Intrusion Detection using Log Files Analysis. International Journal of Computer Applications, 127(18), 19-21.
Yang Y, Jin S, Fang B(2015,). Security risk assessment based on bayesian multi-step attack graphs. Journal of Computational Information Systems, 11(11), 3911-3918.
Zhang Y X, Zhao D M, Liu J X(2014,). The Application of Baum-Welch Algorithm in Multistep Attack. The Scientific World Journal, 5(1), 1-7.
Qiu H, Wang K(2016,). Real-time Network Attack Intention Recognition Algorithm. International Journal of Security & Its Applications, 10(4), 51-62.
Anna Buczak, Erhan Guven(2015,). A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection. IEEE Communications Surveys & Tutorials, 18(2), 1-1.
Alqurashi S, Batarfi O(2016,). A Comparison of Malware Detection Techniques Based on Hidden Markov Model. Journal of Information Security, 07(3), 215-223.S
Rathore D, Jain A(2019,). Design Hybrid method for intrusion detection using Ensemble cluster classification and SOM network. International Journal of Advanced Computer Research, 2(3), 181-186.
Yang Y , Jin S , Fang B(2015,). Security risk assessment based on bayesian multi-step attack graphs. Journal of Computational Information Systems, 11(11), 3911-3918.
Holgado P, Víctor A. Villagrá, Luis Vázquez(2020,). Real-Time Multistep Attack Prediction Based on Hidden Markov Models. IEEE Transactions on Dependable and Secure Computing, 17(1), 134-147.
Mohammad Samar Ansari, Vaclav Bartos, Brian Lee(2020,). Shallow and Deep Learning Approaches for Network Intrusion Alert Prediction, 171, 644-653.
Liu K, Wang H, Shen Z H(2020,). Prediction of network attack profit path based on NAPG model. The Journal of China Universities of Posts and Telecommunications, 0021, 1005-8885.