An Analytic Method for Designing Countermeasures against Computer Intrusions
Published in: | Journal of communication and computer 2014, Vol.11 (1), p.10-21 |
---|---|
Main authors: | , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
Summary: | Detectives and intrusion analysts are facing classical challenges on how to diligently investigate intrusion logs and simultaneously lessen the problems of undervaluation, overvaluation and reevaluation of computer intrusions. Fundamentally, clustering analysis of intrusion logs can determine nature of the countermeasures that will be proposed against online intrusions under evaluation. Practically, some clustering methods can degenerate to elaborate countermeasures. In this era of Big Data, clustering can also underestimate categories of smaller relationships within an intrusion log. Besides, existing methods still confirm that several countermeasures rarely guarantee enough protection of computerized resources from computer intruders. Thus, the development of how to thwart numerous attacks in progress in single operation is a favorite topic in computer security engineering. Therefore, the purpose of this paper is to propose Intrusion Prognostic Model to descriptively and statistically describe a predictor to lessen the above issues. Furthermore, C++ programming language is used to implement the model. Evaluations on some datasets demonstrate the existence of four important probabilistic characteristics of alerts within intrusion logs. The results also explicate the existence of some extremely smaller relationships that are subsumed in other small relationships which may not necessarily generate big relationships. Finally, the results reveal that the efficacy of the proposed predictor can increase from 3.3793% to about 96.6207% accuracy during intrusion prognosis. |
---|---|
ISSN: | 1548-7709 1930-1553 |