Prediction model of multi-step attack

There are many security monitoring devices running in the state gird. The security monitoring devices can detect the alerts. Correlations between these alerts are existed. A complete multi-step attack event can be divided into many stages, the serious attack events always occurs in the later stage in a complete attack. We can make better defense when facing attack if we predict the next possible attack event. This paper proposed a multi-step attack prediction model. The attack events in state gird are transformed into the original dataset, which can be considered as the input of prediction model. By using this model, state gird security personnel can use prediction model to take preventive measures from being attacked. Experiments show that the recall rate and accuracy rate of this prediction model have reached 84. 90% and 84. 91%