DocumentCode
2897894
Title
A Hidden Markov Model Based Framework for Tracking and Predicting of Attack Intention
Author
Zan, Xin ; Gao, Feng ; Han, Jiuqiang ; Sun, Yu
Author_Institution
Dept. of Autom., Xi'an Jiaotong Univ., Xi'an, China
Volume
2
fYear
2009
fDate
18-20 Nov. 2009
Firstpage
498
Lastpage
501
Abstract
Recently, several approaches for intrusion correlation and attack scenario analysis have been proposed. However, these approaches all focus on flooding alert reduction or high-level alert correlation. In this paper, we study the problem of tracking and predicting attack intentions. We use hidden Markov models to represent the typical attack scenarios and design a complete framework named HMM-AIP, composed of an online tracking and prediction module and an offline model training module. A novel and effective algorithm for tracking and predicting attack intention is presented. We perform experiments to validate our algorithm, and the results show that our approach can identify false alerts and give credible prediction results when the alert observation sequence fits the typical attack scenarios nicely.
Keywords
hidden Markov models; security of data; HMM-AIP framework; attack intention prediction; attack intention tracking; hidden Markov model; intrusion alert correlation; intrusion detection; Aggregates; Automation; Computer hacking; Floods; Hidden Markov models; Information analysis; Information security; Intrusion detection; Prediction algorithms; Protection; HMM; Intrusion alert correlation; Intrusion detection; attack intention prediction;
fLanguage
English
Publisher
ieee
Conference_Titel
Multimedia Information Networking and Security, 2009. MINES '09. International Conference on
Conference_Location
Hubei
Print_ISBN
978-0-7695-3843-3
Electronic_ISBN
978-1-4244-5068-8
Type
conf
DOI
10.1109/MINES.2009.277
Filename
5368325