Abstract: The main form of network attack is multi-step attack. The current security equipments can only detect but not forecast. For this issue, this paper presents an approach based on attack utility to recognize the attacker’s finally intention and forecast the next possible attack. It describes a multi-attack by the attack intent, and establishes the multi-attack logic diagram based on the attack intention. During the procedure of the attack forecast, attack utility is used to represent the attackers benefit for each attack step. The attack utility is an important reference for the multi-step attack forecast. Experimental results prove the validity of the algorithm.

Key words: attack forecast, multi-step attack, attack intention, attack utility

摘要： 网络攻击以复合攻击形式为主，但当前的安全设备只能检测无法预测。针对该问题，提出一种基于攻击效用的复合攻击预测方法，通过该方法识别攻击者的最终意图，并预测攻击者下一步可能进行的攻击行为。该方法利用攻击意图描述复合攻击过程，建立基于攻击意图的复合攻击逻辑关系图，引入攻击效用的概念，表示入侵者在攻击过程中完成每步攻击所获得的收益大小，是复合攻击预测的参考。实验结果验证了该方法的有效性。

关键词: 攻击预测, 复合攻击, 攻击意图, 攻击效用

CLC Number: 

• TP309