Title :
A Novel Probabilistic Matching Algorithm for Multi-Stage Attack Forecasts
Author :
Cheng, Bo-Chao ; Liao, Guo-Tan ; Huang, Chu-Chun ; Yu, Ming-Tse
Author_Institution :
Dept. of Commun. Eng., Nat. Chung-Cheng Univ., Chiayi, Taiwan
fDate :
8/1/2011 12:00:00 AM
Abstract :
Current intrusion detection systems (IDSs) can only discover single-step attacks but not complicated multi-stage attacks. Therefore, it is not only important, but also challenging for security managers to correlate security alerts with specific patterns to predict a multi-stage attack. In this paper, we propose Judge Evaluation of Attack intensioN (JEAN), which inspects the security alerts in the network and provides a probabilistic approach for the projection of the multi-stage attack by measuring the difference between the stored and the actual multi-stage attack session graphs (ASG). The experimental results show that JEAN is able to project possible attacks with more accuracy than Longest Common Subsequence (LCS) based approaches on DARPA 2000 and DARPA GCP (Grand Challenge Problem) specific attack scenario datasets.
Keywords :
security of data; Judge Evaluation of Attack intensioN; attack session graph; intrusion detection system; longest common subsequence; multistage attack forecast; probabilistic matching algorithm; Correlation; Hidden Markov models; IP networks; Pattern matching; Prediction algorithms; Probabilistic logic; Security; forecasting; forensics; incident response; multi-stage attack; network security; pattern matching;
Journal_Title :
Selected Areas in Communications, IEEE Journal on
DOI :
10.1109/JSAC.2011.110809
