A Method of Network Behavior Recognition and Attack Scenario Reconstruction for Attack Kill Chain
- DOI
- 10.2991/wcnme-19.2019.23
- Keywords
- attack kill chain; association analysis; knowledge database; directive reconstruction; behavior recognition
- Abstract
Currently, most successful network attacks are aimed at a particular target, are composed of several attacks at different stages, and are always carried out in a certain sequence, which coincides with the attack kill chain proposed by the US Army. Addressing the typical multi-step attack type represented by the attack kill chain, this paper proposes a hierarchical association analysis method for attack events based on a directive database. By building a series of knowledge bases and using automatic means, the attack directives for key steps in the attack kill chain are reconstructed and generated, which can improve the accuracy of identifying and analyzing multi-step attack behaviors such as the attack kill chain.
- Copyright
- © 2019, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF
AU - Jiawei Du
AU - Xing Zhang
AU - Guowei Suo
AU - Ronghua Guo
AU - Gang Lu
PY - 2019/06
DA - 2019/06
TI - A Method of Network Behavior Recognition and Attack Scenario Reconstruction for Attack Kill Chain
BT - Proceedings of the 2019 International Conference on Wireless Communication, Network and Multimedia Engineering (WCNME 2019)
PB - Atlantis Press
SP - 97
EP - 100
SN - 2352-538X
UR - https://doi.org/10.2991/wcnme-19.2019.23
DO - 10.2991/wcnme-19.2019.23
ID - Du2019/06
ER -