Title :
Profiling cyber attacks using alert regression profiles
Author :
Yarng, Phoung ; Ray, Pradeep K. ; Maher, Danny
Author_Institution :
New South Wales Univ., Sydney, NSW, Australia
Abstract :
There are three fundamental requirements of computer security: prevention, detection and response. All the three must be fully protected. This paper discusses the need for creating a new intrusion prevention system (IPS) that, when integrated with a current intrusion detection system, may provide comprehensive protection against new attacks and prevent all known attacks. The fundamental building block of this system is the concept of building a chronological ordered sequence of events which represents the details of the attacks (ARP). Then, by applying the three weighting models, we are able to provide more realistic views of attacks. This concept of weighting, where different events are assigned different weights, serves as the basis of the alert regression profile, allowing the use of thresholds. Thresholds represent the fine balance between the accuracy of the alert and its timeliness. Hopefully the ideas presented in this paper may introduce some new ideas to this field so as to one day contain or eliminate all threats.
Keywords :
Internet; security of data; telecommunication security; ARP; IPS; alert regression profiles; chronological ordered sequence; computer security; intrusion detection system; intrusion prevention system; Australia; Computer security; Data security; Event detection; Failure analysis; Foot; Intrusion detection; Layout; Packaging; Protection;
Conference_Title :
Global Telecommunications Conference, 2003. GLOBECOM '03. IEEE
Print_ISBN :
0-7803-7974-8
DOI :
10.1109/GLOCOM.2003.1258479