Real Time Intrusion Prediction based on Optimized Alerts with Hidden Markov Model
Abstract
Keywords