A Description Model of Multi-Step Attack Planning Domain Based on Knowledge Representation

HU Liang; XIE Nannan; CHAI Sheng; Nurbol

Article Contents

Article Navigation > Chinese Journal of Electronics > 2013 > 22(3): 437-441

HU Liang, XIE Nannan, CHAI Sheng, et al., “A Description Model of Multi-Step Attack Planning Domain Based on Knowledge Representation,” Chinese Journal of Electronics, vol. 22, no. 3, pp. 437-441, 2013,

Citation:

HU Liang, XIE Nannan, CHAI Sheng, et al., “A Description Model of Multi-Step Attack Planning Domain Based on Knowledge Representation,” Chinese Journal of Electronics, vol. 22, no. 3, pp. 437-441, 2013,

Citation:

PDF( 342 KB)

A Description Model of Multi-Step Attack Planning Domain Based on Knowledge Representation

1.
Computer Science and Technology College, Key Laboratory of Symbolic Computing and Knowledge Engineering of Ministry of Education, Jilin University, Changchun 130012, China;
2.
Information Science and Engineering College, Xinjiang University, Urumqi 830046, China

Funds: This work is supported in part by the National High Technology Research and Development Program of China (863 program) (No.2011AA010101); the National Natural Science Foundation of China (No.61073009, No.61163052); the Science and Technology Key Project of Jilin Province (No.2011ZDGG007); the Doctor Fundation of Xinjiang University (No.BS110126); Science and Technology Plan of Changchun (No.11GH12).

Received Date: 2012-09-01
Rev Recd Date: 2013-01-01
Publish Date: 2013-06-15

Abstract

Abstract

Alerts of intrusion detection system are numerous, complex, and difficult to analyze. Alert correlation of multi-step attack is one of the solutions to this problem. Intelligence planning is an important research area of artificial intelligence, and always used in fields problems. Intelligence planning is used to deal with multi-step attack recognition in this work. A multi-step attack planning domain description model is proposed, in order to describe the attack knowledge base, and based on knowledge representation. The model is described with PDDL (Planning domain definition language). Experiments with DARPA 2000 dataset showed the model proposed can recognize multi-step attacks effectively, and is available and practical.
- Multi-step attack,
- Intelligence planning,
- Attack planning domain,
- Planning domain definition language (PDDL)

FullText(HTML)

References(17)

References

Symantec Global Internet Security Threat Report Trends for 2008, http://eval.symantec.com/mktginfo/enterprise/wh ite papers/b-whitepaper internet security threat report xiv 042009.en-us.pdf. 2009.

Symantec Network Security Report, http://www.symant ec.com/zh/cn/theme.jsp?themeid=istr. 2011.

Nurbol, Chai Sheng, Li Hongwei, Hu Liang, “Intrusion detection alert correlation based on choquet fuzzy integral”, Acta Electronica Sinica, Vol.39, No.12, pp.2741-2747, 2001.

Mu Chengpo, Huang Houkuan, Tian Shengfeng, Lin Youfang, Qin Yuanhui, “Intrusion-detection alerts processing based on fuzzy comprehensive evaluation”, Journal of Computer Research and Development, Vol.42, No.10, pp.679-1685, 2005.

Benjamin Morin, Ludovic Mé, Hervé Debar, Mireille Ducassé, “M2D2: A formal data model for IDS alert correlation”, Proceedings of the 5th International Conference on Recent Advances in Intrusion Detection, Springer-Verlag Berlin, Heidelberg, pp.115-137, 2002.

Ghallab M., Nau D., Traverso P., “Automated Planning: Theory and Practice”, Morgan Kaufmann Publishers, America, 2004.

Blum A.L., Furst M.L., “Fast planning through planning graph analysis”, Artificial Intelligence, Vol.90, No.1-2, pp.281-300, 1997.

Fikes R.E., Nilsson N., “STRIPS: A new approach to the application of therorem providing to problem solving”, Artificial Intelligence, Vol.2, No.3-4, pp.189-208, 1971.

Wang Zhenzhen, Wu Xiaoyue, Liu Zhong, “A planning-based method of risk process modeling for information security”, Acta Electronica Sinica, Vol.36, No.12A, pp.76-80, 2008.

Fikes R.E., Nilsson N.J., “STRIPS: A new approach to the apapplication of theorem proving to problem solving”, Artificial Intelligence, Vol.2, No.3-4, pp.189-208, 1971.

Pednault E.P.D., “ADL: Exploring the middle ground between STRIPS and the situation calculus”, Proc. 1st Int. Conf. on Principles of Knowledge Representation and Reasoning, Toronto, Canada, pp.324-332, 1989.

Malik Ghallab, Adele Howe, Craig Knoblock, et al., “PDDL-the planning domain definition language”, Technical Report, CVC TR-98-003/DCS TR-1165, Yale Center for Computational Vision and Control, 1998.

Nian Zhigang, Liang Shi, Ma Lanfang, Li Shangping, “Study and application of knowledge expression”, Application Research of Computers, Vol.24, No.5, pp.234-236, 2007.

Dawkins J., Hale J., “A systematic approach to multi-stage network attack analysis”, Second IEEE International Information Assurance Workshop, Charlotte, NC, pp.48-56, 2004.

Alserhani F., Akhlaq M., Awan I.U., Cullen A.J., Mirchandani P., “MARS: Multi-stage attack recognition system”, 2010 24th IEEE International Conference on Advanced Information Networking and Applications (AINA), Perth, Australia, pp.753759, 2011.

MIT Lincoln Laboratory. http://www.ll.mit.edu/mission/comm unications/ist/corpora/ideval/data/index.html.

FastForward. http://fai.cs.uni-saarland.de/hoffmann/ff.html.

Relative Articles

Supplements(0)

Cited By

Proportional views