A Novel Probabilistic Matching Algorithm for Multi-Stage Attack Forecasts

Bibliographic details
Published in: IEEE journal on selected areas in communications 2011-08, Vol.29 (7), p.1438-1448
Main authors: Cheng, Bo-Chao, Liao, Guo-Tan, Huang, Chu-Chun, Yu, Ming-Tse
Format: Article
Language: eng
Description
Summary: Current intrusion detection systems (IDSs) can only discover single-step attacks but not complicated multi-stage attacks. Therefore, it is not only important, but also challenging for security managers to correlate security alerts with specific patterns to predict a multi-stage attack. In this paper, we propose Judge Evaluation of Attack intensioN (JEAN), which inspects the security alerts in the network and provides a probabilistic approach for the projection of the multi-stage attack by measuring the difference between the stored and the actual multi-stage attack session graphs (ASG). The experimental results show that JEAN is able to project possible attacks with more accuracy than Longest Common Subsequence (LCS) based approaches on DARPA 2000 and DARPA GCP (Grand Challenge Problem) specific attack scenario datasets.
ISSN: 0733-8716, 1558-0008
DOI: 10.1109/JSAC.2011.110809