Constructing Attack Scenarios Based on Coloured Petri Nets

Traditional intrusion detection systems (IDSs) provide only a large volume of independent, raw attack alerts, which does not help users or the IDSs respond to attacks in time. The low-level alert information therefore needs to be built up into a higher-level attack scenario. This paper proposes a method for dynamically building a real-time attack scenario using the principle of colored Petri nets. The method first uses colored Petri nets to describe the attack scenario, then matches and builds the corresponding attack scenario using the ratio of the expanded association matrix. It verifies and checks for omitted attacks and predicts the next possible attack according to the sub-attack scenario network built so far; meanwhile, it builds a new attack scenario mode by merging sub-attack scenarios.
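The following is an added illustration, not the paper's algorithm or code: a small coloured Petri net in which places are attack stages, transitions are alert types, and a token's colour is the (attacker, victim) pair, used to flag omitted steps and predict the next alert. The scenario, alert names and addresses are constructed assumptions, and the expanded association matrix matching and sub-scenario merging are not implemented here.

```python
from collections import defaultdict

# Constructed linear scenario: alert type -> (input place, output place).
# Place and alert names are illustrative assumptions, not taken from the paper.
TRANSITIONS = {
    "port_scan": ("start", "host_known"),
    "vuln_probe": ("host_known", "service_known"),
    "remote_exploit": ("service_known", "shell_gained"),
    "priv_escalation": ("shell_gained", "root_gained"),
}
ORDER = ["start", "host_known", "service_known", "shell_gained", "root_gained"]

class ScenarioNet:
    def __init__(self):
        self.marking = defaultdict(set)  # place -> token colours (attacker, victim)
        self.omitted = []                # (colour, alert type) inferred without an alert

    def _position(self, colour):
        """Most advanced place holding this colour; 'start' if none does."""
        for place in reversed(ORDER):
            if colour in self.marking[place]:
                return place
        return "start"

    def observe(self, alert_type, src, dst):
        """Fire the transition for one alert; False if the alert is outside the scenario."""
        if alert_type not in TRANSITIONS:
            return False
        colour, (pre, post) = (src, dst), TRANSITIONS[alert_type]
        old = place = self._position(colour)
        if ORDER.index(place) > ORDER.index(pre):
            return True  # repeat of a step this colour already passed
        while place != pre:  # input place unmarked: earlier steps had no alert
            step = next(t for t, (p, _) in TRANSITIONS.items() if p == place)
            self.omitted.append((colour, step))
            place = TRANSITIONS[step][1]
        self.marking[old].discard(colour)
        self.marking[post].add(colour)
        return True

    def predict(self, src, dst):
        """Transitions enabled for this colour, i.e. the next expected alerts."""
        place = self._position((src, dst))
        return [t for t, (p, _) in TRANSITIONS.items() if p == place]

# Constructed alert stream (documentation address ranges).
ALERTS = [("port_scan", "198.51.100.7", "10.0.0.5"),
          ("remote_exploit", "198.51.100.7", "10.0.0.5"),  # vuln_probe alert missing
          ("port_scan", "203.0.113.9", "10.0.0.8")]

def run(alerts):
    net = ScenarioNet()
    for a in alerts:
        net.observe(*a)
    return net
```

Each entry in `omitted` is a step the detector should re-check in its raw logs, and `predict` gives the alert types to watch for next on that attacker/victim pair.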