Active intrusion detection and prediction based on temporal big data analytics

Abstract

Computer security consists in protecting access and manipulating system data by several mechanisms. However, conventional protection technologies are ineffective against current attacks. Thus, new tools have appeared, such as the intrusion detection and prediction systems which are important defense elements for network security since they detect the ongoing intrusions and predict the upcoming attacks. Besides, most of conventional protection technologies remain insufficient in terms of actions since they are all passive systems, unable to provide recommendations in order to block or stop the attacks. In this paper, a distributed detection and prediction system, composed of three major parts, is proposed. The first part deals with the detection of intrusions based on the decision tree learning algorithm. The second part deals with intrusions prediction using the chronicle algorithm. The third part proposes an expert system for security recommendations in response to detected intrusions, able to provide appropriate recommendations to stop the attacks. The proposed system gives good results in terms of accuracy and precision in detecting and predicting attacks, and efficiency in proposing the right recommendations to stop the attacks.