Research Reports
Research Publications in journals:
Real-time multistep attack prediction based on Hidden Markov Models
Year: 2017

Research Areas
  • Information technology and data processing

Information
Abstract
A novel method based on the Hidden Markov Model is proposed to predict multistep attacks using IDS alerts. We consider the hidden states as similar phases of a particular type of attack. As a result, it can be easily adapted to multistep attacks and foresee the next steps of an attacker. To achieve this goal, a preliminary off-line training phase based on observations will be required. These observations are obtained by matching the IDS alert information with a database previously built for this purpose using a clusterization method from the CVE global database to avoid overfitting. The training model is performed using both unsupervised and supervised algorithms. Once the training is completed and probability matrices are computed, the prediction module computes the best state sequence based on the state probability for each step of the multistep attack in progress using the Viterbi and forward-backward algorithms. The training model includes the mean number of alerts and the number of alerts in progress to assist in obtaining the final attack probability. The model is analyzed for DDoS phases because it is a great problem in all Internet services. The proposed method is validated in a virtual DDoS scenario using current vulnerabilities. The results prove the system's ability to perform real-time prediction.
International
Yes
JCR
Yes
Title
IEEE Transactions on Dependable and Secure Computing
ISBN
1545-5971
Impact factor JCR
1,592
Impact info
JCR data for 2015
Volume
10.1109/TDSC.2017.2751478
Journal number
From page
1
To page
14
Month
NO MONTH
Ranking
Participants

Research Group, Departments and Institutes related
  • Creator: Research Group: Redes y Servicios de Telecomunicación e Internet
  • R&D&I Center or Institute: Centro de I+D+i en Procesado de la Información y Telecomunicaciones
  • Department: Ingeniería de Sistemas Telemáticos