Abstract

Nowadays, to provide a picture of the current intrusive activity in a network, detection methods are important for tackling the probable risks of attackers' malicious behaviour. Intrusion Detection Systems (IDSs), as detection solutions, are among the main devices used to record and analyze suspicious activity. The huge number of low-level alerts generated by IDSs clearly reflects the need for a novel alert correlation system that reduces alert redundancy, correlates security alerts, and discovers multi-step attack scenarios. In this paper, we propose a novel alert correlation framework that processes the generated alerts in real time, correlates them, constructs attack scenarios using the concept of Bayesian networks, and forecasts the attacker's next goal by creating attack prediction rules. The proposed framework has two modes: offline and online. In the offline mode, a Bayesian Attack Graph (BAG) is constructed using the concept of Bayesian networks. Then, in the online mode, the most probable next steps of the attacker are predicted. Experimental results show that the framework is efficient enough to detect multi-step attack strategies without using any predefined knowledge. The results also show that the algorithm perfectly forecasts multi-step attacks before they can compromise the network.
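The two modes described in the abstract can be illustrated with a small worked example. The following code is an added illustration, not the paper's own implementation: the step names, the attack graph edges and the history of correlated alert sequences are all constructed for the example, and the modelling choices (noisy-OR combination of multiple parent steps, Laplace-smoothed edge probabilities, exact posterior computation by enumerating all assignments) are assumptions that stand in for the paper's actual BAG construction and attack prediction rules. The offline step estimates the BAG parameters from historical incidents; the online step takes the steps observed so far in an incident and ranks the not-yet-observed steps by posterior probability, which is the "most probable next step" prediction a defender would act on.

```python
from collections import defaultdict
from itertools import product

# Constructed sample data (not from the paper): attack-step names, attack-graph
# edges (a parent step enables its child step), and a history of correlated
# alert sequences, each recorded as the set of steps seen in one past incident.
STEPS = ["scan", "web_exploit", "priv_esc", "lateral_move", "exfil"]
EDGES = [
    ("scan", "web_exploit"),
    ("web_exploit", "priv_esc"),
    ("web_exploit", "lateral_move"),
    ("priv_esc", "exfil"),
    ("lateral_move", "exfil"),
]
HISTORY = [
    {"scan", "web_exploit", "priv_esc", "exfil"},
    {"scan", "web_exploit", "lateral_move", "exfil"},
    {"scan"},
    {"scan", "web_exploit"},
    {"scan", "web_exploit", "priv_esc"},
    {"scan", "web_exploit", "lateral_move"},
    {"scan", "web_exploit", "priv_esc"},
]


def build_bag(history, steps, edges):
    """Offline mode: estimate Bayesian Attack Graph parameters from history.

    Returns (parents, edge_prob, prior): for each edge a->b the probability that
    b is reached once a has been reached, and for each root step its marginal
    prior. Counts use Laplace smoothing so that unseen edges keep a non-zero
    probability (an assumed modelling choice, not the paper's method).
    """
    parents = defaultdict(list)
    for a, b in edges:
        parents[b].append(a)
    edge_prob = {}
    for a, b in edges:
        n_a = sum(1 for inc in history if a in inc)
        n_ab = sum(1 for inc in history if a in inc and b in inc)
        edge_prob[(a, b)] = (n_ab + 1) / (n_a + 2)
    prior = {}
    for s in steps:
        if not parents[s]:
            prior[s] = (sum(1 for inc in history if s in inc) + 1) / (len(history) + 2)
    return parents, edge_prob, prior


def conditional(node, assignment, parents, edge_prob, prior):
    """P(node reached | parent values); multiple parents combine by noisy-OR.

    A step with no reached parent is treated as unreachable (probability 0).
    """
    if not parents[node]:
        return prior[node]
    p_none = 1.0
    for a in parents[node]:
        if assignment[a]:
            p_none *= 1.0 - edge_prob[(a, node)]
    return 1.0 - p_none


def posterior(observed, steps, parents, edge_prob, prior):
    """Online mode: P(step reached | observed steps), by exact enumeration.

    The graph is small, so all 2^n joint assignments are enumerated; this stays
    exact even when the evidence lies downstream of the steps being queried.
    """
    total = 0.0
    reached = defaultdict(float)
    for values in product((0, 1), repeat=len(steps)):
        assignment = dict(zip(steps, values))
        if any(not assignment[o] for o in observed):
            continue  # inconsistent with the evidence
        weight = 1.0
        for s in steps:
            p = conditional(s, assignment, parents, edge_prob, prior)
            weight *= p if assignment[s] else 1.0 - p
        total += weight
        for s in steps:
            if assignment[s]:
                reached[s] += weight
    return {s: reached[s] / total for s in steps}


def predict_next(observed, steps, parents, edge_prob, prior):
    """Rank the not-yet-observed steps by posterior probability, best first."""
    post = posterior(observed, steps, parents, edge_prob, prior)
    return sorted(((s, p) for s, p in post.items() if s not in observed),
                  key=lambda sp: sp[1], reverse=True)


if __name__ == "__main__":
    bag = build_bag(HISTORY, STEPS, EDGES)
    for evidence in ({"scan", "web_exploit"}, {"scan", "web_exploit", "priv_esc"}):
        ranking = predict_next(evidence, STEPS, *bag)
        print(sorted(evidence), "->", [(s, round(p, 3)) for s, p in ranking])
```

With the constructed history, observing a scan followed by a web exploit ranks privilege escalation (0.5) ahead of lateral movement (0.375) and exfiltration (0.35); once privilege escalation is also observed, exfiltration becomes the most probable next step (0.5125). Exact enumeration is only practical for small graphs; a real deployment would use a Bayesian-network inference library or the approximations the paper adopts, but the offline/online split and the ranking of candidate next steps are the same.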
