%0 Journal Article
%T Real Time Intrusion Prediction based on Optimized Alerts with Hidden Markov Model
%A Alireza Shameli Sendi
%A Michel Dagenais
%A Masoume Jabbarifar
%A Mario Couture
%J Journal of Networks
%D 2012
%I Academy Publisher
%R 10.4304/jnw.7.2.311-321
%X Cyber attacks and malicious activities are rapidly becoming a major threat to proper secure organization. Many security tools may be installed in distributed systems and monitor all events in a network. Security managers often have to process huge numbers of alerts per day, produced by such tools. Intrusion prediction is an important technique to help response systems reacting properly before the network is compromised. In this paper, we propose a framework to predict multi-step attacks before they pose a serious security risk. Hidden Markov Model (HMM) is used to extract the interactions between attackers and networks. Since alerts correlation plays a critical role in prediction, a modulated alert severity through correlation concept is used instead of just individual alerts and their severity. Modulated severity generates prediction alarms for the most interesting steps of multi-step attacks and improves the accuracy. Our experiments on the Lincoln Laboratory 2000 data set show that our algorithm perfectly predicts multi-step attacks before they can compromise the network.
%K Intrusion
%K Prediction
%K Response System
%K Correlation
%K Hidden Markov Model
%U http://ojs.academypublisher.com/index.php/jnw/article/view/6663