公开(公告)号：US20090307777A1

公开(公告)日：2009-12-10

申请号：US12174335

申请日：2008-07-16

申请人： Xinggao He ,  Chong Fu ,  Fengli Zhang ,  Zhenqi Cao ,  Dunquan Wang ,  Niejun Zheng ,  Chengwei Zhang ,  Bo Wang ,  Changyi Lu

发明人： Xinggao He ,  Chong Fu ,  Fengli Zhang ,  Zhenqi Cao ,  Dunquan Wang ,  Niejun Zheng ,  Chengwei Zhang ,  Bo Wang ,  Changyi Lu

IPC分类号： G06F21/00 ,  G06N5/02

CPC分类号： H04L63/1416 ,  G06F21/55 ,  H04L63/0227

摘要： A method for predicting a network attack action, including: monitoring a network status parameter and obtaining information of an attack action according to a change of the network status parameter; selecting a subsequent attack action which has a most possibility to happen from a plurality of subsequent attack actions of the attack action according to a correspondence between the attack action and the plurality of subsequent attack actions, the subsequent attack action which has the most possibility to happen being a subsequent attack action with a largest occurrence number among the subsequent attack actions corresponding to the attack action; and outputting the subsequent attack action which has the most possibility to happen as a predicted network attack action. A device for predicting a network attack action including an attack action management unit is also provided. The present invention describes the attack action procedure and the relation among attack actions during the attack action procedure and provides a network pre-warning method for determining which action is to be taken.

摘要翻译： 一种用于预测网络攻击动作的方法，包括：根据网络状态参数的变化监视网络状态参数并获取攻击动作信息; 根据攻击动作与多次随后的攻击动作之间的对应关系，从攻击动作的多次后续攻击动作中选择最可能发生的后续攻击动作，最后发生的攻击动作最可能发生 是随后的对应于攻击动作的攻击动作中具有最大出现次数的攻击动作; 并输出最可能发生的随后的攻击动作作为预测的网络攻击动作。 还提供了一种用于预测包括攻击动作管理单元的网络攻击动作的装置。 本发明描述了攻击行为过程和攻击行为过程中的攻击行为之间的关系，并提供了一种网络预警方法，用于确定要采取的行为。