HU Liang, XIE Nannan, CHAI Sheng, Nurbol. A Description Model of Multi-Step Attack Planning Domain Based on Knowledge Representation[J]. Chinese Journal of Electronics, 2013, 22(3): 437-441.

A Description Model of Multi-Step Attack Planning Domain Based on Knowledge Representation

Funds: This work is supported in part by the National High Technology Research and Development Program of China (863 program) (No.2011AA010101); the National Natural Science Foundation of China (No.61073009, No.61163052); the Science and Technology Key Project of Jilin Province (No.2011ZDGG007); the Doctor Foundation of Xinjiang University (No.BS110126); and the Science and Technology Plan of Changchun (No.11GH12).
  • Received Date: 2012-09-01
  • Rev Recd Date: 2013-01-01
  • Publish Date: 2013-06-15
  • Alerts from intrusion detection systems are numerous, complex, and difficult to analyze. Alert correlation for multi-step attacks is one solution to this problem. Intelligence planning is an important research area of artificial intelligence and is often applied to domain problems. In this work, intelligence planning is used for multi-step attack recognition. A description model of the multi-step attack planning domain, based on knowledge representation, is proposed to describe the attack knowledge base. The model is described in PDDL (Planning Domain Definition Language). Experiments with the DARPA 2000 dataset showed that the proposed model can recognize multi-step attacks effectively, and is usable and practical.
