METHOD AND DEVICE FOR PREDICTING NETWORK ATTACK ACTION
First Claim
1. A method for predicting a network attack action, comprising:
- monitoring a network status parameter and obtaining information of an attack action according to a change of the network status parameter;
selecting a subsequent attack action which has a most possibility to happen from a plurality of subsequent attack actions based on the attack action according to a correspondence between the attack action and the plurality of subsequent attack actions, the subsequent attack action which has a likelihood of occurrence having a largest occurrence number among the plurality of subsequent attack actions corresponding to the attack action; and
outputting the subsequent attack action which has a likelihood of occurrence as a predicted network attack action.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for predicting a network attack action, including: monitoring a network status parameter and obtaining information of an attack action according to a change of the network status parameter; selecting a subsequent attack action which has a most possibility to happen from a plurality of subsequent attack actions of the attack action according to a correspondence between the attack action and the plurality of subsequent attack actions, the subsequent attack action which has the most possibility to happen being a subsequent attack action with a largest occurrence number among the subsequent attack actions corresponding to the attack action; and outputting the subsequent attack action which has the most possibility to happen as a predicted network attack action. A device for predicting a network attack action including an attack action management unit is also provided. The present invention describes the attack action procedure and the relation among attack actions during the attack action procedure and provides a network pre-warning method for determining which action is to be taken.
-
Citations
12 Claims
-
1. A method for predicting a network attack action, comprising:
-
monitoring a network status parameter and obtaining information of an attack action according to a change of the network status parameter; selecting a subsequent attack action which has a most possibility to happen from a plurality of subsequent attack actions based on the attack action according to a correspondence between the attack action and the plurality of subsequent attack actions, the subsequent attack action which has a likelihood of occurrence having a largest occurrence number among the plurality of subsequent attack actions corresponding to the attack action; and outputting the subsequent attack action which has a likelihood of occurrence as a predicted network attack action. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A device for predicting a network attack action, comprising:
an attack action management unit adapted to detect a change of a network status parameter, search attack action information according to the change of the network status parameter, and predict a subsequent attack action which has a most possibility to happen from a plurality of subsequent attack actions corresponding to an attack action, according to a correspondence between the attack action and the plurality of subsequent attack actions of the attack action. - View Dependent Claims (10, 11, 12)
Specification