First EAI International Conference on Computer Science and Engineering

Research Article

AIRSE: An Approach for Attack Intention Recognition Based on Similarity of Evidences

Download157 downloads
  • @INPROCEEDINGS{10.4108/eai.27-2-2017.152343,
        author={Abdulghani Ali Ahmed and Noorul Ahlami Kamarul Zaman},
        title={AIRSE: An Approach for Attack Intention Recognition Based on Similarity of Evidences},
        proceedings={First EAI International Conference on Computer Science and Engineering},
        publisher={EAI},
        proceedings_a={COMPSE},
        year={2017},
        month={3},
        keywords={Cyberattacks Network forensics Attack intention recognition Similarity of evidences},
        doi={10.4108/eai.27-2-2017.152343}
    }
    
  • Abdulghani Ali Ahmed
    Noorul Ahlami Kamarul Zaman
    Year: 2017
    AIRSE: An Approach for Attack Intention Recognition Based on Similarity of Evidences
    COMPSE
    EAI
    DOI: 10.4108/eai.27-2-2017.152343
Abdulghani Ali Ahmed1,*, Noorul Ahlami Kamarul Zaman1
  • 1: Faculty of Computer Systems & Software Engineering Universiti Malaysia Pahang, 26300, Kuantan, Pahang, Malaysia
*Contact email: abdulghani@ump.edu.my

Abstract

Sensitive information can be exposed to critical risks when communicated through computer networks. The ability of attackers in hiding their attacks' intention obstructs existing protection systems to early prevent their attacks and avoid any possible sabotage in network systems. In this paper, we propose a similarity approach called Attack Intention Recognition based on Similarity of Evidences (AIRSE). In particular, the proposed approach AIRSE aims to recognize attack intention in real time. It classifies attacks according to their characteristics and uses the similar metric method to identify attacks motives and predict their intentions. In this study, attack intentions are categorized into specific and general intentions. General intentions are recognized by investigating violations against the security metrics of confidentiality, integrity, availability, and authenticity. Specific intentions are recognized by investigating the network attacks used to achieve a violation. The obtained results demonstrate that the proposed approach is capable of investigating similarity of attack signatures and recognizing the intentions of network attack.