The exponential growth in the number of cyber attacks in the recent past has necessitated active research on network intrusion detection, prediction and mitigation systems. While there are numerous solutions available for intrusion detection, the prediction of future network intrusions still remains an open research problem. Existing approaches employ statistical and/or shallow machine learning methods for the task, and therefore suffer from the need for feature selection and engineering. This paper presents a deep learning based approach for prediction of network intrusion alerts. A Gated Recurrent Unit (GRU) based deep learning model is proposed which is shown to be capable of learning dependencies in security alert sequences, and to output likely future alerts given a past history of alerts from an attacking source. The performance of the model is evaluated on intrusion alert sequences obtained from the Warden alert sharing platform.

最近网络攻击数量呈指数增长，因此需要对网络入侵检测、预测和缓解系统进行积极研究。尽管有许多可用于入侵检测的解决方案，但未来网络入侵的预测仍然是一个开放的研究问题。现有方法采用统计和/或浅层机器学习方法来完成任务，因此需要进行特征选择和工程设计。本文提出了一种基于深度学习的网络入侵警报预测方法。提出了一种基于门控循环单元 (GRU) 的深度学习模型，该模型被证明能够学习安全警报序列中的依赖关系，并在给定来自攻击源的警报的过去历史记录的情况下输出可能的未来警报。监狱长警报共享平台。