Article

Projecting cyberattacks through variable-length Markov models

Journal

Publisher

IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/TIFS.2008.924605

Keywords

attack prediction; suffix tree; variable-length Markov model (VLMM)

Funding

  1. Center for Multisource Information Fusion (NCMIF)

Previous works in the area of network security have emphasized the creation of intrusion detection systems (IDSs) to flag malicious network traffic and computer usage, and the development of algorithms to analyze IDS alerts. One possible byproduct of correlating raw IDS data is attack tracks, which consist of ordered collections of alerts belonging to a single multistage attack. This paper presents a variable-length Markov model (VLMM) that captures the sequential properties of attack tracks, allowing for the prediction of likely future actions on ongoing attacks. The proposed approach is able to adapt to newly observed attack sequences without requiring specific network information. Simulation results are presented to demonstrate the performance of VLMM predictors and their adaptiveness to new attack scenarios.