All Title Author
Keywords Abstract

Real Time Intrusion Prediction based on Optimized Alerts with Hidden Markov Model

DOI: 10.4304/jnw.7.2.311-321

Keywords: Intrusion , Prediction , Response System , Correlation , Hidden Markov Model

Full-Text   Cite this paper   Add to My Lib


Cyber attacks and malicious activities are rapidlybecoming a major threat to proper secure organization.Many security tools may be installed in distributed systemsand monitor all events in a network. Security managers oftenhave to process huge numbers of alerts per day, produced bysuch tools. Intrusion prediction is an important technique tohelp response systems reacting properly before the networkis compromised. In this paper, we propose a frameworkto predict multi-step attacks before they pose a serioussecurity risk. Hidden Markov Model (HMM) is used toextract the interactions between attackers and networks.Since alerts correlation plays a critical role in prediction,a modulated alert severity through correlation concept isused instead of just individual alerts and their severity.Modulated severity generates prediction alarms for the mostinteresting steps of multi-step attacks and improves theaccuracy. Our experiments on the Lincoln Laboratory 2000data set show that our algorithm perfectly predicts multi-step attacks before they can compromise the network.


comments powered by Disqus