Intrusion intention recognition and response based on weighed plan knowledge graph

ZengyuCai, Qikun Zhang, Ran Zhang, Yong Gan

COMPUTER MODELLING&NEW TECHNOLOGIES 2014 18(12B) 151-157

School of Computer and Communication Engineering, ZhengzhouUniversity of Light Industry, Zheng Zhou 450002, China

With the development of the network, security has become the focus problem of network. To be effective, current intrusion prevention systems must incorporate artificial intelligence methods, such as plan recognition and adversarial plan. Plan recognition is critical for predicting the future actions of attackers and the adversarial plan is critical for planning appropriate responses to attacks. In this paper, an attack intention and plan recognition method based on weighted planning knowledge graph is presented to predict the anomaly intentions of potential intruders to a computer system according to the observation data. And the adversarial planning method based on HTN planning to response the future actions of attackers is also presented. The experimental results show that the plan recognition method based on weighed planning knowledge graph has a good accuracy in predicting the intrusion intentions. The experimental results also show that the adversarial planning method can prevent computer system correctly and effectively.