Using Hidden Markov Models to Evaluate the Risks of Intrusions

Årnes, André; Valeur, Fredrik; Vigna, Giovanni; Kemmerer, Richard A.

doi:10.1007/11856214_8

Cited by 62 publications

(29 citation statements)

References 12 publications

(17 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this model, the sequence of events that match attacks signature rules in the correlation tree represents a series of state transitions with a certain probability where each event is not directly visible but output dependent on the event is visible, the output in this case is the attack phase or state. To build this model, we consider four main issues, (A) formally defining the model using some notation of [17], (B) the implementation of the model, (C) the training of the model, and (D) the evaluation of the model.…”

Section: Acidf Prediction and Early-warningsmentioning

confidence: 99%

Online risk assessment and prediction models for Autonomic Cloud Intrusion srevention systems

Kholidy

Erradi

Abdelwahed

et al. 2014

2014 IEEE/ACS 11th International Conference on Computer Systems and Applications (AICCSA)

View full text Add to dashboard Cite

The extensive use of virtualization in implementing cloud infrastructure brings unrivaled security concerns for cloud tenants or customers and introduces an additional layer that itself must be completely configured and secured. Intruders can exploit the large amount of cloud resources for their attacks. Most of the current security technologies do not provide the essential security features for cloud systems such as early warnings about future ongoing attacks, autonomic prevention actions, and risk measure. This paper discusses the integration of these three features to our Autonomic Cloud Intrusion Detection Framework (ACIDF). The early warnings are signaled through a new finite State Hidden Markov prediction model that captures the interaction between the attackers and cloud assets. The risk assessment model measures the potential impact of a threat on assets given its occurrence probability. The estimated risk of each security alert is updated dynamically as the alert is correlated to prior ones. This enables the adaptive risk metric to evaluate the cloud's overall security state. The prediction system raises early warnings about potential attacks to the autonomic component, controller. Thus, the controller can take proactive corrective actions before the attacks pose a serious security risk to the system. According to our experiments, both risk metric and prediction model have successfully signaled early warning alerts 39.6 minutes before the launching of the LLDDoS1.0 attack. This gives the system administrator or an autonomic controller ample time to take preventive measures.

show abstract

Section: Acidf Prediction and Early-warningsmentioning

confidence: 99%

Online risk assessment and prediction models for Autonomic Cloud Intrusion srevention systems

Kholidy

Erradi

Abdelwahed

et al. 2014

2014 IEEE/ACS 11th International Conference on Computer Systems and Applications (AICCSA)

View full text Add to dashboard Cite

show abstract

“…Due to its good performance in statistics, HMM (Hidden Markov Model) [21][22][23][24][25] technique is rapidly developed and applied in fields as voice recognition, classification, security situation prediction, intrusion detection, etc. In the field of security situation prediction, Hisham [26] proposed the first HMM model with finite state to predict the multistep attack in cloud computing system.…”

Section: Related Workmentioning

confidence: 99%

A Security Situation Prediction Algorithm Based on HMM in Mobile Network

Liang

Long

Zuo

et al. 2018

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

The increasingly severe network security situation brings unanticipated challenges to mobile networking. Traditional HMM (Hidden Markov Model) based algorithms for predicting the network security are not accurate, and to address this issue, a weighted HMM based algorithm is proposed to predict the security situation of the mobile network. The multiscale entropy is used to address the low speed of data training in mobile network, whereas the parameters of HMM situation transition matrix are also optimized. Moreover, the autocorrelation coefficient can reasonably use the association between the characteristics of the historical data to predict future security situation. Experimental analysis on DARPA2000 shows that the proposed algorithm is highly competitive, with good performance in prediction speed and accuracy when compared to existing design.

show abstract

“…A further approach to risk modelling is proposed by Arnes et al [3]. They use Hidden Markov Models to evaluate the risks of intrusion, and present risk depending on IT assets, as well as define the risk level of a network as the composition of risks of individual hosts.…”

Section: Related Workmentioning

confidence: 99%

IT confidentiality risk assessment for an architecture-based approach

Morali

Zambon

Etalle

2008

2008 3rd IEEE/IFIP International Workshop on Business-Driven IT Management

View full text Add to dashboard Cite

Abstract-Information systems require awareness of risks and a good understanding of vulnerabilities and their exploitations. In this paper, we propose a novel approach for the systematic assessment and analysis of confidentiality risks caused by disclosure of operational and functional information. The approach is modeldriven integrating information assets and the IT infrastructure that they rely on for distributed systems. IT infrastructures enable one to analyse risk propagation possibilities and calculate the impact for confidentiality incidents. Furthermore, depending on the monetary value of an information asset, we bridge the technical and business-oriented views of information security.

show abstract

Using Hidden Markov Models to Evaluate the Risks of Intrusions

Cited by 62 publications

References 12 publications

Online risk assessment and prediction models for Autonomic Cloud Intrusion srevention systems

Online risk assessment and prediction models for Autonomic Cloud Intrusion srevention systems

A Security Situation Prediction Algorithm Based on HMM in Mobile Network

IT confidentiality risk assessment for an architecture-based approach

Contact Info

Product

Resources

About