In order to handle the uncertainties and complexities of multi-stage attack detection effectively, a novel detection model for multi-stage attacks based on Weighted Ordered Weighted Averaging (WOWA) and Fuzzy Cognitive Maps (FCM) was proposed. Based on Attack Intention Analysis, the WOWA-FCM detection model implemented the Cause Effect correlation of the primary intrusion alerts along with the vulnerability and configuration information of the target system utilizing Fuzzy Cognitive Maps, and implemented the effects fusion via WOWA aggregation operators. The WOWA-FCM approach was not only able to recognize the individual stages of a multi stage attack, construct the whole attack scenario, but also able to evaluate the global attack process and the security states of the target system dynamically. The WOWA-FCM model simplified the conventional multi-stage attack detection process, and provided with a better adaptability. The effectiveness of this approach was verified by the Mstream DDoS detection experimental results.
