DocumentCode :
2897894
Title :
A Hidden Markov Model Based Framework for Tracking and Predicting of Attack Intention
Author :
Zan, Xin ; Gao, Feng ; Han, Jiuqiang ; Sun, Yu
Author_Institution :
Dept. of Autom., Xi'an Jiaotong Univ., Xi'an, China
Volume :
2
fYear :
2009
fDate :
18-20 Nov. 2009
Firstpage :
498
Lastpage :
501
Abstract :
Recently, several approaches for intrusion correlation and attack scenario analysis have been proposed. However, these approaches all focus on flooding alert reduction or high-level alert correlation. In this paper, we study the problem of tracking and predicting attack intentions. We use hidden Markov models to represent the typical attack scenarios and design a complete framework named HMM-AIP, composed of an online tracking and prediction module and an offline model training module. A novel and effective algorithm for tracking and predicting attack intention is presented. We perform experiments to validate our algorithm, and the results show that our approach can identify false alerts and give a creditable prediction result when the alert observation sequence fits the typical attack scenarios nicely.
Keywords :
hidden Markov models; security of data; HMM-AIP framework; attack intention prediction; attack intention tracking; hidden Markov model; intrusion alert correlation; intrusion detection; Aggregates; Automation; Computer hacking; Floods; Hidden Markov models; Information analysis; Information security; Intrusion detection; Prediction algorithms; Protection; HMM; Intrusion alert correlation; Intrusion detection; attack intention prediction;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Multimedia Information Networking and Security, 2009. MINES '09. International Conference on
Conference_Location :
Hubei
Print_ISBN :
978-0-7695-3843-3
Electronic_ISBN :
978-1-4244-5068-8
Type :
conf
DOI :
10.1109/MINES.2009.277
Filename :
5368325