Abstract
For effective security incident response on the network, a reputable approach must be in place at both the protected and unprotected regions of the network. This is because a compromise in the demilitarized zone could be a precursor to a threat inside the network. The increased complexity of attacks in present times and the vulnerability of systems are the motivations for this work. Past and present approaches to intrusion detection and prevention have neglected victim and attacker properties, despite the fact that for an intrusion to occur, an overt act by an attacker and a manifestation, observable by the intended victim, which results from that act are required. Therefore, this paper presents a threat characterization model for attacks from the victim and the attacker perspectives of intrusion using a data mining technique. The data mining technique combines Frequent Temporal Sequence Association Mining and Fuzzy Logic. The Apriori Association Mining algorithm was used to mine temporal rule patterns from alert sequences, while a Fuzzy Control System was used to rate exploits. The results of the experiment show that accurate threat characterization in multiple intrusion perspectives could be actualized using Fuzzy Association Mining. The results also proved that sequences of exploits could be used to rate threats and are motivated by victim properties and attacker objectives.
Highlights
The upsurge of threats, especially new threats, on the internet calls for serious concern.
While the assets in the inside zone are protected by the inside firewall, application firewall inclusive, the assets in the demilitarized zone (DMZ) could benefit from the outside zone firewall.
We present techniques to automatically rate threats from intrusion alerts generated by an Intrusion Detection System (IDS).
Summary
The upsurge of threats, especially new threats, on the internet calls for serious concern. While the assets in the inside zone are protected by the inside firewall, application firewall inclusive, the assets in the DMZ could benefit from the outside zone firewall. This is in line with the Intrusion Prevention System goal [2] of detecting intrusions and responding to them actively using a firewall. In order to successfully mitigate attacks in the network, especially in situations of intrusion prediction, a reliable incident response mechanism for defence against attacks from the attacker and victim points of view is required. This will culminate in extensive analysis of events, accurate prediction and real-time prevention of eventualities. We present techniques to automatically rate threats from intrusion alerts generated by an Intrusion Detection System (IDS).
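The abstract's first stage, mining temporal rule patterns from alert sequences with Apriori, can be illustrated with the following added example, which is not the paper's code. It assumes constructed alert names, one time-ordered alert list per source, gapped ordered subsequences as patterns, and hypothetical thresholds; the fuzzy rating stage is not shown because the page gives no membership functions.

```python
# Constructed sample: each list is one source's time-ordered IDS alert types.
ALERT_SEQUENCES = [
    ["port_scan", "ssh_bruteforce", "priv_escalation"],
    ["port_scan", "ssh_bruteforce", "priv_escalation", "data_exfil"],
    ["port_scan", "web_probe", "sql_injection"],
    ["port_scan", "ssh_bruteforce", "data_exfil"],
    ["web_probe", "sql_injection", "data_exfil"],
]

def is_subsequence(pattern, seq):
    """True if pattern's alerts occur in seq in the same order (gaps allowed)."""
    it = iter(seq)
    return all(alert in it for alert in pattern)

def support(pattern, sequences):
    """Number of alert sequences that contain the ordered pattern."""
    return sum(is_subsequence(pattern, s) for s in sequences)

def mine_frequent_sequences(sequences, min_support):
    """Level-wise Apriori search: extend only patterns whose (k-1)-prefix
    and (k-1)-suffix are both frequent, so infrequent branches are pruned."""
    frequent = {}
    level = sorted({(a,) for s in sequences for a in s})
    while level:
        kept = {}
        for p in level:
            count = support(p, sequences)
            if count >= min_support:
                kept[p] = count
        frequent.update(kept)
        level = sorted({p + (q[-1],) for p in kept for q in kept
                        if p[1:] == q[:-1]})
    return frequent

def temporal_rules(frequent, min_confidence):
    """Rules 'prefix => next alert', confidence = sup(pattern) / sup(prefix)."""
    rules = []
    for pattern, sup in frequent.items():
        if len(pattern) < 2:
            continue
        conf = sup / frequent[pattern[:-1]]
        if conf >= min_confidence:
            rules.append((pattern[:-1], pattern[-1], sup, round(conf, 2)))
    return sorted(rules, key=lambda r: (-r[3], -r[2], r[0]))

if __name__ == "__main__":
    freq = mine_frequent_sequences(ALERT_SEQUENCES, min_support=2)
    for prefix, nxt, sup, conf in temporal_rules(freq, min_confidence=0.6):
        print(f"{' -> '.join(prefix)} => {nxt}  support={sup} confidence={conf}")
```

A rule such as `port_scan -> ssh_bruteforce => priv_escalation` is the kind of temporal pattern a downstream rating stage could score.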
More From: International Journal of Network Security & Its Applications