Prediction model of multi-step attack
- Resource Type
- Authors
- Zilun Zhao; Zhilin Duo; ZeKe Li; Liang Ye; ZeWen Chen
- Source
- 2020 7th International Conference on Information Science and Control Engineering (ICISCE).
- Subject
- Prediction algorithms; Security monitoring; Computer science; Event (computing); ComputerApplications_COMPUTERSINOTHERSYSTEMS; Data mining; State (computer science); Recall rate; computer.software_genre; computer
- Language
There are many security monitoring devices running in the state grid. These devices detect alerts, and correlations exist between the alerts. A complete multi-step attack event can be divided into many stages, and the serious attack events always occur in the later stages of a complete attack. We can mount a better defense against an attack if we predict the next possible attack event. This paper proposes a multi-step attack prediction model. Attack events in the state grid are transformed into the original dataset, which serves as the input to the prediction model. Using this model, state grid security personnel can take preventive measures against attacks. Experiments show that the recall rate and accuracy rate of this prediction model have reached 84.90% and 84.91%.