Research on Attack Intention Recognition Based on Graphical Model

Intention recognition is the ability to predict an opposing forcepsilas high level goals. Knowing an attackerpsilas intention can support the decision-making of the network security administrators. Furthermore intent analysis plays an import role in the calculation of the inherent threat value. So how to recognize attack intention has become a research hot in network security domain recently.In this paper taxonomy of attack intention characterized by consequences of attack and targets of attack is introduced at first. Then a graphical model based on network security state is presented and used to recognize attack intention. D-S evidence theory is also introduced to deal with the uncertainty in the process of intent inference. Next algorithms of intention recognition and threat assessment are given in detail in order to offer a way to assess the network security situation. Finally several experiments are done in a local network. The results of the experiments prove the feasibility and validity of this method.