Title :
Real-time intrusion prevention and security analysis of networks using HMMs
Author :
Haslum, Kjetil ; Moe, Marie E G ; Knapskog, Svein J.
Author_Institution :
Centre for Quantifiable Quality of Service in Commun. Syst., Norwegian Univ. of Sci. & Technol., Trondheim
Abstract :
In this paper we propose to use a hidden Markov model (HMM) to model sensors for an intrusion prevention system (IPS). Observations from different sensors are aggregated in the HMM, and the intrusion frequency security metric is estimated from it. We use a Markov model that captures the interaction between the attacker and the network to model and predict the attacker's next step. For each observation, a new HMM is created and used to update the estimated system state, based on the trustworthiness of the reporting sensor and the time elapsed since the last processed observation. Our objective is to calculate and maintain a state probability distribution that can be used for intrusion prediction and prevention. We show how our sensor model can be applied to an IPS architecture based on intrusion detection system (IDS) sensors, real-time traffic surveillance and online risk assessment. Our approach is illustrated by a small case study.
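The per-observation update sketched in the abstract, as an added illustration written for this page and not code from the paper: a state distribution is pushed forward through the attacker/network Markov model for the elapsed time and then re-weighted by the likelihood of the sensor's observation, with less trusted sensors contributing less evidence. The three-state model, the three-symbol alert alphabet, the matrices P and Q, the trust-blending rule (mixing Q with a uniform distribution) and the intrusion-frequency proxy (probability mass moving into an intrusion state per time unit) are all assumptions for the example, not the paper's parameters.

```python
"""Added example (not the paper's code): one HMM forward-filter step per sensor
observation, with sensor trust and elapsed time folded into the update.
All states, symbols, matrices and the frequency metric are assumptions."""

# Hypothetical state space (assumption): 0 = Normal, 1 = Attack in progress, 2 = Compromised
STATES = ["Normal", "Attack", "Compromised"]
# Hypothetical observation alphabet (assumption): 0 = no alert, 1 = low severity, 2 = high severity
OBS = ["none", "low", "high"]

# Assumed attacker/network transition matrix P, per time unit (rows sum to 1)
P = [
    [0.90, 0.08, 0.02],
    [0.30, 0.50, 0.20],
    [0.05, 0.05, 0.90],
]
# Assumed emission matrix Q for a fully trusted sensor: Q[state][observation]
Q = [
    [0.85, 0.12, 0.03],
    [0.20, 0.50, 0.30],
    [0.10, 0.30, 0.60],
]


def mat_mul(a, b):
    """Plain list-of-lists matrix product (kept dependency-free)."""
    n, m, k = len(a), len(b), len(b[0])
    return [[sum(a[i][t] * b[t][j] for t in range(m)) for j in range(k)] for i in range(n)]


def mat_pow(p, k):
    """P^k by repeated multiplication; k is the number of whole time units
    since the previous observation (k = 0 gives the identity, i.e. no drift)."""
    n = len(p)
    result = [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]
    for _ in range(k):
        result = mat_mul(result, p)
    return result


def trusted_emission(q, trust):
    """Assumed trust scheme: blend Q with a uniform emission matrix.
    trust = 1.0 keeps Q unchanged; trust = 0.0 makes the observation uninformative."""
    m = len(q[0])
    return [[trust * q[i][j] + (1.0 - trust) / m for j in range(m)] for i in range(len(q))]


def update(pi, p, q, obs, trust, dt):
    """One forward-filter step: predict through P^dt, then weight each state by the
    trust-adjusted likelihood of the observed symbol and renormalise."""
    predicted = mat_mul([pi], mat_pow(p, dt))[0]
    q_t = trusted_emission(q, trust)
    unnorm = [predicted[s] * q_t[s][obs] for s in range(len(pi))]
    z = sum(unnorm)
    if z == 0.0:
        # Observation impossible under the model: keep the time-evolved prediction.
        return predicted
    return [x / z for x in unnorm]


def intrusion_rate(pi, p, intrusion_states):
    """Assumed intrusion-frequency proxy: probability mass that moves from a
    non-intrusion state into an intrusion state during the next time unit."""
    return sum(
        pi[i] * p[i][j]
        for i in range(len(pi)) if i not in intrusion_states
        for j in intrusion_states
    )


def run_case_study():
    """Constructed observation stream: (symbol, sensor trust, time units since previous observation).
    Returns the state distribution and intrusion-rate estimate after each observation."""
    stream = [(2, 1.0, 1), (1, 0.5, 2), (0, 0.0, 1)]
    pi = [1.0, 0.0, 0.0]  # start in Normal with certainty
    history = []
    for obs, trust, dt in stream:
        pi = update(pi, P, Q, obs, trust, dt)
        history.append((pi, intrusion_rate(pi, P, {1, 2})))
    return history


if __name__ == "__main__":
    for step, (dist, rate) in enumerate(run_case_study(), 1):
        print(step, [f"{s}={p:.3f}" for s, p in zip(STATES, dist)], f"rate={rate:.3f}")
```

A fully distrusted sensor (trust 0.0) leaves the distribution exactly where the time evolution put it, so a misbehaving or compromised sensor cannot drag the estimate on its own; a long gap between observations (large dt) pulls the prediction toward the chain's stationary behaviour before the new evidence is applied.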
Keywords :
hidden Markov models; safety systems; security of data; telecommunication security; HMMs; hidden Markov model; intrusion frequency security metric; intrusion prevention system; networks security analysis; probability distribution; real-time intrusion prevention; Frequency estimation; Hidden Markov models; Intrusion detection; Predictive models; Probability distribution; Real time systems; Sensor systems; State estimation; Surveillance; Traffic control;
Conference_Titel :
Local Computer Networks, 2008. LCN 2008. 33rd IEEE Conference on
Conference_Location :
Montreal, Que
Print_ISBN :
978-1-4244-2412-2
Electronic_ISBN :
978-1-4244-2413-9
DOI :
10.1109/LCN.2008.4664305