Research on cyber attack intention recognition based on partially observable Markov decision process

Wu Tao, Wang Chong-Jun, Xie Jun-Yuan
2010-01-01
Abstract: Intrusion detection, as an active measure for assuring information security, has received intensive attention and has recently become a focus of the computer security and especially the network security research communities. To avoid being detected, however, intrusions have evolved to become intelligent and distributed, good at concealing their purposes and thereby slipping past the intrusion detection system. To deal with this problem, this paper brings in techniques from artificial intelligence and machine learning. It models intrusion and its detection as two multi-agent systems with conflicting interests, and holds that to intrude is to devise and execute attack plans aimed at certain objectives; the key to intrusion detection is then to analyze the opponent's observed actions that are perceived as abnormal and to reveal the intentions behind them, which is a classical intention recognition problem. We note, however, that the traditional keyhole observation method for intention recognition is not suitable here: the intrusion detection environment has an attack-defense nature and is therefore dynamic and can be extremely complex, so missed intrusions and false reports of intrusions are to be expected, and acquiring a complete and true action sequence of the intruder is impossible. Under this circumstance, a strategy is needed that is robust enough to recognize the intruder's intention from an action sequence that contains only part of the intruder's complete action sequence and also, unknown to the observer, includes some misclassified actions; this is exactly what this paper contributes. Beyond the two multi-agent systems model, this paper views the intrusion process as a Partially Observable Markov Decision Process (POMDP) and estimates the intruder's intention as the output of the process. In this way the intention of the intruder can be recognized from the incomplete and defective action sequence it has just taken. The effectiveness of the proposed method is shown by experiments on a data set contributed by DARPA.
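The abstract's central claim is that intention can be recovered from an observation sequence that is both incomplete (missed actions) and defective (misclassified actions). The state-estimation half of a POMDP, a Bayesian belief update over the hidden intention, is what makes that possible: a missed action carries the same likelihood under every intention and so does not corrupt the belief, and a single misclassified alert shifts the belief temporarily but is outweighed by later evidence. The following is an added illustration written for this page, not the paper's model or code: the intention labels borrow the DARPA attack categories (Probe, DoS, R2L, U2R) as names only, and the action distributions, transition probability, miss and misclassification rates, and the alert sequence are all assumptions constructed for the example.

```python
"""Bayesian belief tracking of an intruder's intention from a noisy, partial
alert sequence: the state-estimation component of a POMDP.

Added illustration, not the paper's model. Every intention name, action
distribution, noise rate and the alert stream below is an assumption
constructed for this example.
"""

INTENTIONS = ("probe", "dos", "r2l", "u2r")   # hidden state: what the intruder is after
ACTIONS = ("probe", "dos", "r2l", "u2r")      # true action classes the intruder can take
MISSED = "none"                               # observation when the IDS reports nothing

# P(action | intention), assumed: an intruder pursuing U2R still probes and
# logs in (R2L) on the way to root, so its action mix is not pure "u2r".
ACTION_GIVEN_INTENTION = {
    "probe": {"probe": 0.90, "dos": 0.02, "r2l": 0.04, "u2r": 0.04},
    "dos":   {"probe": 0.30, "dos": 0.65, "r2l": 0.03, "u2r": 0.02},
    "r2l":   {"probe": 0.30, "dos": 0.05, "r2l": 0.60, "u2r": 0.05},
    "u2r":   {"probe": 0.25, "dos": 0.05, "r2l": 0.30, "u2r": 0.40},
}
STAY = 0.90           # P(intention unchanged between steps); remainder spread uniformly
MISS_RATE = 0.20      # P(IDS reports nothing | an action occurred)        (assumed)
MISCLASS_RATE = 0.10  # P(IDS labels a detected action with the wrong class) (assumed)


def p_obs_given_action(obs, action):
    """Sensor model: how the IDS distorts the intruder's true action."""
    if obs == MISSED:
        return MISS_RATE
    if obs == action:
        return (1 - MISS_RATE) * (1 - MISCLASS_RATE)
    # detected but mislabelled: the wrong label is spread over the other classes
    return (1 - MISS_RATE) * MISCLASS_RATE / (len(ACTIONS) - 1)


def likelihood(obs, intention):
    """P(obs | intention) = sum over true actions of P(action | intention) * P(obs | action)."""
    return sum(ACTION_GIVEN_INTENTION[intention][a] * p_obs_given_action(obs, a)
               for a in ACTIONS)


def predict(belief):
    """Transition step: the intention mostly persists, with a small chance of changing."""
    n = len(INTENTIONS)
    return {s: STAY * belief[s] + (1 - STAY) / (n - 1) * (1 - belief[s])
            for s in INTENTIONS}


def update(belief, obs):
    """Correction step: weight the predicted belief by the observation likelihood."""
    weighted = {s: belief[s] * likelihood(obs, s) for s in INTENTIONS}
    total = sum(weighted.values())
    if total == 0.0:
        raise ValueError(f"observation {obs!r} is impossible under every intention")
    return {s: w / total for s, w in weighted.items()}


def track(observations, prior=None):
    """Run predict/update over the alert sequence; return the belief after every step."""
    belief = prior or {s: 1.0 / len(INTENTIONS) for s in INTENTIONS}
    history = []
    for obs in observations:
        belief = update(predict(belief), obs)
        history.append(belief)
    return history


def recognise(observations):
    """Most probable intention given the whole (partial, noisy) sequence, plus the belief."""
    final = track(observations)[-1]
    return max(final, key=final.get), final


# Constructed alert stream: two actions the IDS missed ("none") and one
# misclassified alert ("dos" reported while the intruder was doing something else).
OBSERVED = ["probe", "none", "r2l", "dos", "none", "u2r"]

if __name__ == "__main__":
    for step, belief in enumerate(track(OBSERVED), 1):
        print(step, OBSERVED[step - 1].ljust(5), {s: round(p, 3) for s, p in belief.items()})
    print("recognised intention:", recognise(OBSERVED)[0])
```

Running the block shows the two properties the abstract relies on: the "none" steps leave the ranking untouched (the likelihood of a miss is identical for every intention, so only the small transition diffusion acts), while the spurious "dos" alert at step 4 briefly makes "dos" the leading hypothesis before the final "u2r" evidence restores "u2r" as the recognised intention. A practitioner fitting such a model to real data would estimate the action distributions and the miss and misclassification rates from labelled traffic rather than assume them as done here.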