3rd International ICST Symposium on Information Assurance and Security

Research Article

DIPS: A Framework for Distributed Intrusion Prediction and Prevention Using Hidden Markov Models and Online Fuzzy Risk Assessment

  • @INPROCEEDINGS{10.1109/IAS.2007.67,
        author={Kjetil Haslum and Ajith Abraham and Svein Knapskog},
        title={DIPS: A Framework for Distributed Intrusion Prediction and Prevention Using Hidden Markov Models and Online Fuzzy Risk Assessment},
        proceedings={3rd International ICST Symposium on Information Assurance and Security},
        publisher={IEEE},
        proceedings_a={IAS},
        year={2007},
        month={9},
        keywords={Electronics packaging; Fuzzy systems; Hidden Markov models; Intelligent agent; Intrusion detection; Monitoring; Network servers; Protection; Risk management; Telecommunication traffic},
        doi={10.1109/IAS.2007.67}
    }

  • Kjetil Haslum
    Ajith Abraham
    Svein Knapskog
    Year: 2007
    DIPS: A Framework for Distributed Intrusion Prediction and Prevention Using Hidden Markov Models and Online Fuzzy Risk Assessment
    IAS
    IEEE
    DOI: 10.1109/IAS.2007.67
Kjetil Haslum (1,*), Ajith Abraham (1,*), Svein Knapskog (1,*)
  • 1: Center for Quantifiable Quality of Service in Communication Systems, Norwegian University of Science and Technology, O.S. Bragstads plass 2E, N-7491 Trondheim, Norway
*Contact email: haslum@q2s.ntnu.no, ajith.abraham@q2s.ntnu.no, knapskog@q2s.ntnu.no

Abstract

This paper proposes a Distributed Intrusion Prevention System (DIPS), which consists of several IPSs deployed over one or more large networks, all of which communicate with each other or with a central server, thereby facilitating advanced network monitoring. A Hidden Markov Model is proposed for sensing intrusions in a distributed environment and for making a one-step-ahead prediction of possible serious intrusions. DIPS is activated based on the predicted threat level and a risk assessment of the protected assets. Intrusion attempts are blocked based on (1) a serious attack that has already occurred, (2) the rate of packet flow, (3) the prediction of possible serious intrusions, and (4) an online risk assessment of the assets possibly available to the intruder. The focus of this paper is on the distributed monitoring of intrusion attempts, the one-step-ahead prediction of such attempts, and online risk assessment using fuzzy inference systems. Preliminary experimental results indicate that the proposed framework is efficient for real-time distributed intrusion monitoring and prevention.