Forecasting multi-stage attacks

Bibliographic Details
Main Authors: Aldaba, Alfonso C., Baldeo, John Sherlock U., Nufable, Rolf Omar D., Ong, Anthony Lester T.
Format: text
Language: English
Published: Animo Repository 2014
Online Access: https://animorepository.dlsu.edu.ph/etd_bachelors/11180
Institution: De La Salle University
Description
Summary: Multiphase attacks are known to target organizations of every size, and even government-related networks, causing serious damage to critical infrastructure. To prevent these attacks from succeeding, the researchers must first determine whether seemingly isolated attacks are part of an organized assault and what may come next. Current solutions allow systems to identify attacks based on patterns in results from live network systems. These solutions have proven effective at identifying newly discovered threats where signature-based approaches fail. The correlation and reporting functions of security information and event management solutions are used to help with data analysis of security events. When a signature's pattern is identified, it is correlated with other signatures to help identify a possible next phase of the multistage attack using prediction algorithms. The research has proven the possibility of forecasting the phases of multistage attacks. This is shown by test results on data sets containing attacks gathered from simulations. Results on data sets containing different kinds of attacks have shown that it is possible to forecast phases of multistage attacks that current security solutions are unable to address. By training a hidden Markov model (HMM) with different multistage attack sequences, the researchers are able to predict a stage of a multistage attack. The resulting HMM's recognition rate of 33.33% shows that correlated sequences provide enough data for the models to be used in predicting attack stages and attack events. A theoretical analysis backed by the testing and research indicates that a multistage attack can be predicted using observations gathered from a network packet.