Abstract

With the continuous development of Internet technology, network security issues are becoming more and more complex. In order to obtain or damage user information, attackers usually need to use multiple attack steps to attack different network nodes to achieve the final goal. Currently, traditional intrusion detection mainly focuses on classifying attacks on a single piece of traffic information, and lacks the use of correlation and timing information between multi-step attack traffic to carry out multi-step attack identification and correlation research. To this end, we introduce an edge-based graph attention network to aggregate the neighbor information of flows and use a long short-term memory neural network to obtain time series information. By considering neighbor traffic and time information during the classification process, we are able to achieve accurate classification in multi-step attack scenarios. Then, based on the classification results, the sum of the number of attacks and the number of attacks is counted for each host node. Then standardize the statistical counts of internal network host nodes and external network host nodes and set thresholds to exclude low-risk nodes. Finally, a time-based depth-first traversal algorithm is used to obtain the key attack chain. However, this method may face some challenges, such as high computational complexity, the ability to handle large-scale data, and the generalization ability of the model. Experimental results show that the method we proposed is significantly better than the traditional method in terms of accuracy and recall rate for multi-step attacks, and it can effectively correlate attack steps and obtain multiple key attack chains.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.