Research Article
Using Network Attack Graph to Predict the Future Attacks
@INPROCEEDINGS{10.1109/CHINACOM.2007.4469413, author={Jie Lei and Zhi-tang Li}, title={Using Network Attack Graph to Predict the Future Attacks}, proceedings={2nd International ICST Conference on Communications and Networking in China}, publisher={IEEE}, proceedings_a={CHINACOM}, year={2008}, month={3}, keywords={Computer science Data security Forensics Inference mechanisms Intrusion detection Libraries Protection Real time systems Testing Tree graphs}, doi={10.1109/CHINACOM.2007.4469413} }- Jie Lei
Zhi-tang Li
Year: 2008
Using Network Attack Graph to Predict the Future Attacks
CHINACOM
IEEE
DOI: 10.1109/CHINACOM.2007.4469413
Abstract
An intrusion detection system (IDS) generates alerts indicating what malicious behaviors are going on against the protected network system. When comparing the real-time reported IDS alerts with the network attack graph which provides all possible sequences of exploits that an intruder may use to penetrate the system, some prediction on future attacks can be made. In this paper we proposed a novel approach to predicting future attacks. First an attack graph is generated through data mining and the predictability of every attack scenario which represents how probable there would be oncoming attacks following the attack scenario can be estimated. Then in real-time intrusion detection environment the IDS alerts are correlated into attack scenarios and ranked by their predictability scores. Finally the attack scenarios with high predictability are used as the evidence to make prediction on future attacks. The effectiveness of the approach has been validated with a honeynet system.