Performance Assessment of Network Intrusion-Alert Prediction

reportActive / Technical Report | Accession Number: ADA567789 | Open PDF

Abstract:

In the current global cyber warfare landscape, cyber attacks on infrastructure are a serious threat. Although network administrators use intrusion detection systems IDSs to detect threats and anomalies, they usually only offer post-attacks alerts. If we could predict malicious activities, we could allow network administrators or security enhancing software to take appropriate actions in advance of damage occurring. Incoming intrusion detection alerts can be considered as a sequence. We used Pytbull to simulate cyber attacks within a testbed network environment and collected Snort generated intrusion detection alerts. We tested four sets of alert-prediction programs with this data Single-Scope Blending algorithm, a Simple Bayesian Mixture algorithm, a Multiple Simple Bayesian algorithm and a Variable Markov Model algorithm. The harmonic mean of the precision and recall F-score measured prediction accuracy. The Single-Scope Blending algorithm performed the best in these tests, especially in a multiple attacker environment.

Author(s):
Khong, Farn W.
Author Organization(s):
NAVAL POSTGRADUATE SCHOOL MONTEREY CA
Descriptive Note:
Master's thesis
Pagination:
0059

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:
Approved For Public Release
Distribution Statement:
Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR
Identifying Numbers
Monitor Series:
NPS
 Subject Terms
Joint Capability Areas:
JCA_6_Net Centric; JCA_6.4.3_Respond to Attack Event; JCA_6.4.1_Secure Information Exchange; JCA_6.4_Information Assurance; JCA_6.1.3_Switching and Routing; JCA_6.1.1_Wired Transmission; JCA_6.1.2_Wireless Transmission; JCA_6.1_Information Transport; JCA_3.2_Engagement; JCA_3_Force Application; JCA_3.2.2_Non-Kinetic Means; JCA_5_Command and Control; JCA_5.3_Planning; JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent; JCA_7_Protection; JCA_6.2.1_Information Sharing; JCA_6.2.2_Computing Services; JCA_5.3.2_Apply Situational Understanding; JCA_1.2.7_Experimentation; JCA_6.2_Enterprise Services
Modernization Areas:
Cyber
Communities of Interest:
Cyber
Descriptor(s):
*COMPUTER NETWORKS, *INTRUSION DETECTION(COMPUTERS), *WARNING SYSTEMS, ACCURACY, ALGORITHMS, ANOMALIES, ARTIFICIAL INTELLIGENCE, BAYES THEOREM, COMPUTER PROGRAMS, DATA TRANSMISSION SECURITY, MARKOV PROCESSES, MATHEMATICAL MODELS, THESES
Field(s)/Group(s):
Computer Systems, Computer Systems Management and Standards
Keyword(s):
ALERT PREDICTION
Report Date:
2012 Sep 01
Creation Date:
2013 Jan 14