Research Article
DIPS: A Framework for Distributed Intrusion Prediction and Prevention Using Hidden Markov Models and Online Fuzzy Risk Assessment
@INPROCEEDINGS{10.1109/IAS.2007.67, author={Kjetil Haslum and Ajith Abraham and Svein Knapskog}, title={DIPS: A Framework for Distributed Intrusion Prediction and Prevention Using Hidden Markov Models and Online Fuzzy Risk Assessment}, proceedings={3rd International ICST Symposium on Information Assurance and Security}, publisher={IEEE}, proceedings_a={IAS}, year={2007}, month={9}, keywords={Electronics packaging Fuzzy systems Hidden Markov models Intelligent agent Intrusion detection Monitoring Network servers Protection Risk management Telecommunication traffic}, doi={10.1109/IAS.2007.67} }- Kjetil Haslum
Ajith Abraham
Svein Knapskog
Year: 2007
DIPS: A Framework for Distributed Intrusion Prediction and Prevention Using Hidden Markov Models and Online Fuzzy Risk Assessment
IAS
IEEE
DOI: 10.1109/IAS.2007.67
Abstract
This paper proposes a Distributed Intrusion Prevention System (DIPS), which consists of several IPS over a large network (s), all of which communicate with each other or with a central server, that facilitates advanced network monitoring. A Hidden Markov Model is proposed for sensing intrusions in a distributed environment and to make a one step ahead prediction against possible serious intrusions. DIPS is activated based on the predicted threat level and risk assessment of the protected assets. Intrusions attempts are blocked based on (1) a serious attack that has already occurred (2) rate of packet flow (3) prediction of possible serious intrusions and (4) online risk assessment of the assets possibly available to the intruder. The focus of this paper is on the distributed monitoring of intrusion attempts, the one step ahead prediction of such attempts and online risk assessment using fuzzy inference systems. Preliminary experiment results indicate that the proposed framework is efficient for real time distributed intrusion monitoring and prevention.