Network Attack Classification and Recognition Using HMM and Improved Evidence Theory

Luo, Gang; Wen, Ya; Xiang, Lingyun

doi:10.14569/ijacsa.2016.070404

Cited by 4 publications

(1 citation statement)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…1 The ASSERT architecture and its connection to external modules future actions. Past research works (Luo et al 2016) and (Bolzoni et al 2009) have suggested a similar concept and the need to integrate intrusion detection systems with attack classifiers.…”

Section: Background and Related Workmentioning

confidence: 99%

ASSERT: attack synthesis and separation with entropy redistribution towards predictive cyber defense

Okutan

Yang

2019

Cybersecur

View full text Add to dashboard Cite

The sophistication of cyberattacks penetrating into enterprise networks has called for predictive defense beyond intrusion detection, where different attack strategies can be analyzed and used to anticipate next malicious actions, especially the unusual ones. Unfortunately, traditional predictive analytics or machine learning techniques that require training data of known attack strategies are not practical, given the scarcity of representative data and the evolving nature of cyberattacks. This paper describes the design and evaluation of a novel automated system, ASSERT, which continuously synthesizes and separates cyberattack behavior models to enable better prediction of future actions. It takes streaming malicious event evidences as inputs, abstracts them to edge-based behavior aggregates, and associates the edges to attack models, where each represents a unique and collective attack behavior. It follows a dynamic Bayesian-based model generation approach to determine when a new attack behavior is present, and creates new attack models by maximizing a cluster validity index. ASSERT generates empirical attack models by separating evidences and use the generated models to predict unseen future incidents. It continuously evaluates the quality of the model separation and triggers a re-clustering process when needed. Through the use of 2017 National Collegiate Penetration Testing Competition data, this work demonstrates the effectiveness of ASSERT in terms of the quality of the generated empirical models and the predictability of future actions using the models.

show abstract

Section: Background and Related Workmentioning

confidence: 99%