Research Article
AIRSE: An Approach for Attack Intention Recognition Based on Similarity of Evidences
@INPROCEEDINGS{10.4108/eai.27-2-2017.152343, author={Abdulghani Ali Ahmed and Noorul Ahlami Kamarul Zaman}, title={AIRSE: An Approach for Attack Intention Recognition Based on Similarity of Evidences}, proceedings={First EAI International Conference on Computer Science and Engineering}, publisher={EAI}, proceedings_a={COMPSE}, year={2017}, month={3}, keywords={Cyberattacks Network forensics Attack intention recognition Similarity of evidences}, doi={10.4108/eai.27-2-2017.152343} }- Abdulghani Ali Ahmed
Noorul Ahlami Kamarul Zaman
Year: 2017
AIRSE: An Approach for Attack Intention Recognition Based on Similarity of Evidences
COMPSE
EAI
DOI: 10.4108/eai.27-2-2017.152343
Abstract
Sensitive information can be exposed to critical risks when communicated through computer networks. The ability of attackers in hiding their attacks' intention obstructs existing protection systems to early prevent their attacks and avoid any possible sabotage in network systems. In this paper, we propose a similarity approach called Attack Intention Recognition based on Similarity of Evidences (AIRSE). In particular, the proposed approach AIRSE aims to recognize attack intention in real time. It classifies attacks according to their characteristics and uses the similar metric method to identify attacks motives and predict their intentions. In this study, attack intentions are categorized into specific and general intentions. General intentions are recognized by investigating violations against the security metrics of confidentiality, integrity, availability, and authenticity. Specific intentions are recognized by investigating the network attacks used to achieve a violation. The obtained results demonstrate that the proposed approach is capable of investigating similarity of attack signatures and recognizing the intentions of network attack.
