• DocumentCode
    1283967
  • Title
    A Novel Probabilistic Matching Algorithm for Multi-Stage Attack Forecasts
  • Author
    Cheng, Bo-Chao ; Liao, Guo-Tan ; Huang, Chu-Chun ; Yu, Ming-Tse
  • Author_Institution
    Dept. of Commun. Eng., Nat. Chung-Cheng Univ., Chiayi, Taiwan
  • Volume
    29
  • Issue
    7
  • fYear
    2011
  • fDate
    8/1/2011 12:00:00 AM
  • Firstpage
    1438
  • Lastpage
    1448
  • Abstract
    Current intrusion detection systems (IDSs) can only discover single-step attacks but not complicated multi-stage attacks. Therefore, it is not only important, but also challenging for security managers to correlate security alerts with specific patterns to predict a multi-stage attack. In this paper, we propose Judge Evaluation of Attack intensioN (JEAN), which inspects the security alerts in the network and provides a probabilistic approach for the projection of the multi-stage attack by measuring the difference between the stored and the actual multi-stage attack session graphs (ASG). The experimental results show that JEAN is able to project possible attacks with more accuracy than Longest Common Subsequence (LCS) based approaches on DARPA 2000 and DARPA GCP (Grand Challenge Problem) specific attack scenario datasets.
  • Keywords
    security of data; Judge Evaluation of Attack intensioN; attack session graph; intrusion detection system; longest common subsequence; multistage attack forecast; probabilistic matching algorithm; Correlation; Hidden Markov models; IP networks; Pattern matching; Prediction algorithms; Probabilistic logic; Security; forecasting; forensics; incident response; multi-stage attack; network security; pattern matching
  • fLanguage
    English
  • Journal_Title
    Selected Areas in Communications, IEEE Journal on
  • Publisher
    IEEE
  • ISSN
    0733-8716
  • Type
    jour
  • DOI
    10.1109/JSAC.2011.110809
  • Filename
    5963162