Journal
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY
Volume 3, Issue 3, Pages 359-369Publisher
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/TIFS.2008.924605
Keywords
attack prediction; suffix tree; variable-length Markov model (VLMM)
Funding
- Center for Multisource Information Fusion (NCMIF)
Ask authors/readers for more resources
Previous works in the area of network security have emphasized the creation of intrusion detection systems (IDSs) to flag malicious network traffic and computer usage, and the development of algorithms to analyze IDS alerts. One possible byproduct of correlating raw IDS data are attack tracks, which consist of ordered collections of alerts belonging to a single multistage attack. This paper presents a variable-length Markov model (VLMM) that captures the sequential properties of attack tracks, allowing for the prediction of likely future actions on ongoing attacks. The proposed approach is able to adapt to newly observed attack sequences without requiring specific network information. Simulation results are presented to demonstrate the performance of VLMM predictors and their adaptiveness to new attack scenarios.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available