Journal of Beijing University of Posts and Telecommunications

  • EI core journal

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2017, Vol. 40 ›› Issue (s1): 15-19. doi: 10.13190/j.jbupt.2017.s.004

• Papers

A Method of Predicting Multi-Step Attacks Based on Improved HMM Model

RAO Zhi-hong¹, XU Rui², LIU Fang², YANG Chun-liang¹, FANG En-bo¹

  1. No. 30 Institute of China Electronic Technology Group Corporation, Chengdu 610041, China;
  2. China Electronics Technology Cyber Security Company Limited, Chengdu 610041, China
  • Received: 2016-10-31 Online: 2017-09-28 Published: 2017-09-28

Abstract: An approach to predicting multi-step attacks based on an improved hidden Markov model (HMM) and the Viterbi algorithm is proposed. When the training data are sparse, maximum likelihood estimation yields poor probability estimates for the HMM, so a modified method of calculating the probability matrix is used to reduce the error. When the alert sequence contains false alerts, a decision threshold is introduced into the Viterbi algorithm to correct the forecast results. Simulation and experimental results on the DARPA2000 data set lead to the conclusion that the proposed method can effectively improve prediction accuracy.

Key words: hidden Markov model, multi-step attacks, Viterbi algorithm, attack intent, alert sequence
