Abstract:It is difficult for traditional intrusion detection systems to obtain the relationship among network attack behaviors. Taking an attack graph representation model as a guide, an intelligent mining model of attack events based on Bayesian network is proposed. A Bayesian attack association graph is established based on prior knowledge. The network attack behaviors are aggregated based on attribute similarity. An efficient Ex-Apriori algorithm is designed for network attack scenarios to discover the association rules among the attack behaviors, and the attack behavior group set is established. Finally, the attack behavior group set is calculated by using the parameters of the Bayesian attack association graph to realize the discovery of attack events. Experiments show that this model can effectively extract network attack events and discover attack paths, and provide theoretical and technical support for the discovery and countermeasures of network attack events.