Performance Assessment of Network Intrusion-Alert Prediction

Abstract

In the current global cyber warfare landscape, cyber attacks on infrastructure are a serious threat. Although network administrators use intrusion detection systems (IDSs) to detect threats and anomalies, these systems usually only offer post-attack alerts. If malicious activity could be predicted, network administrators or security-enhancing software could take appropriate action before damage occurs. Incoming intrusion detection alerts can be treated as a sequence. We used Pytbull to simulate cyber attacks within a testbed network environment and collected the Snort-generated intrusion detection alerts. We tested four alert-prediction programs on this data: a Single-Scope Blending algorithm, a Simple Bayesian Mixture algorithm, a Multiple Simple Bayesian algorithm, and a Variable Markov Model algorithm. Prediction accuracy was measured by the F-score, the harmonic mean of precision and recall. The Single-Scope Blending algorithm performed best in these tests, especially in a multiple-attacker environment.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2012
Accession Number
ADA567789

Entities

People

  • Farn W. Khong

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Algorithms
  • Artificial Intelligence
  • Computational Science
  • Computer Network Security
  • Computer Networks
  • Computers
  • Cyberattacks
  • Cybersecurity
  • Detection
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Local Area Networks
  • Machine Learning
  • Network Protocols
  • Network Science
  • Operating Systems

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Neural Network Machine Learning

Technology Areas

  • AI & ML
  • AI & ML - Bayesian Inference
  • Cyber
  • Cyber - Cryptography