Abstract
Intrusion detection systems (IDSs) can detect and respond to various attacks. However, they cannot detect all attacks, and they are not capable of predicting future attacks. In this research, we propose an automatic intrusion prediction system (IPS) called E-NIPS (Event-based Network Intrusion Prediction System) that can not only detect attacks but also predict probable future attacks. We have utilized network penetration scenarios partitioned into multiple phases depending on the sequences they follow during network penetrations. Each of these phases consists of attack classes that are precursors to attack classes of the next phase. An attack class is a set of attacks that have the same objectives, categorized to generalize network penetration scenarios and to reduce the burden on the prediction engine during intrusion alert correlation and prediction tasks. Future attacks are predicted based on the attack classes detected in an earlier phase of a penetration scenario. Automatic intrusion prediction provides the little but crucial time required for fortifying networks against attacks, warns network administrators about possible attacks, and reduces the damage caused by attacks. In this paper, we describe the architecture, operation, and implementation of E-NIPS. The prototype implementation is evaluated based on some of the most commonly occurring network penetration scenarios. The experimental results show that the prototype automatically provides useful information about the occurrence of future attack events.
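The phase-and-precursor idea in the abstract, as an added illustration that is not the paper's code: a constructed precursor model (the attack class names, phase numbers, signature-to-class mapping and sample alerts are all assumptions) correlates IDS alerts per source/target pair and predicts the next-phase attack classes, scoring each by the share of its precursors already observed.

```python
from collections import defaultdict

# Constructed phase model: attack class -> (phase index, next-phase attack classes it
# is a precursor to). Names are assumptions for illustration, not the paper's tables.
PRECURSOR_MODEL = {
    "host_discovery":   (0, {"port_scan", "os_fingerprint"}),
    "port_scan":        (1, {"service_exploit"}),
    "os_fingerprint":   (1, {"service_exploit"}),
    "service_exploit":  (2, {"backdoor_install"}),
    "backdoor_install": (3, set()),
}

# Constructed mapping from IDS alert signature text to attack class (assumption).
SIGNATURE_TO_CLASS = {
    "ICMP PING sweep": "host_discovery",
    "TCP SYN portscan": "port_scan",
    "OS fingerprint probe": "os_fingerprint",
    "buffer overflow attempt": "service_exploit",
    "backdoor beacon": "backdoor_install",
}

def precursors_of(attack_class):
    """All classes in the model that list attack_class as a next-phase successor."""
    return {c for c, (_, nxt) in PRECURSOR_MODEL.items() if attack_class in nxt}

def predict(alerts):
    """Correlate alerts per (src, dst) pair and predict next-phase attack classes.
    Returns {(src, dst): {predicted_class: confidence}}, where confidence is the
    fraction of that class's precursors already observed for the pair."""
    observed = defaultdict(set)
    for a in alerts:
        cls = SIGNATURE_TO_CLASS.get(a["sig"])
        if cls is None:
            continue  # unknown signature: detected, but unusable for prediction
        observed[(a["src"], a["dst"])].add(cls)
    predictions = {}
    for pair, classes in observed.items():
        candidates = set().union(*(PRECURSOR_MODEL[c][1] for c in classes)) - classes
        predictions[pair] = {
            c: round(len(precursors_of(c) & classes) / len(precursors_of(c)), 2)
            for c in candidates
        }
    return predictions

# Constructed sample alerts (not from the paper's evaluation data).
SAMPLE_ALERTS = [
    {"src": "10.0.0.5", "dst": "10.0.1.20", "sig": "ICMP PING sweep"},
    {"src": "10.0.0.5", "dst": "10.0.1.20", "sig": "TCP SYN portscan"},
    {"src": "10.0.0.5", "dst": "10.0.1.21", "sig": "ICMP PING sweep"},
    {"src": "10.0.0.9", "dst": "10.0.1.20", "sig": "unknown rule"},
]

if __name__ == "__main__":
    for pair, preds in predict(SAMPLE_ALERTS).items():
        print(pair, preds)
```

A pair whose observed classes already cover all precursors of a next-phase class scores 1.0, which is the signal an administrator would use to prioritize hardening that target.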
© 2007 Springer-Verlag Berlin Heidelberg
Cite this paper
Kannadiga, P., Zulkernine, M., Haque, A. (2007). E-NIPS: An Event-Based Network Intrusion Prediction System. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds) Information Security. ISC 2007. Lecture Notes in Computer Science, vol 4779. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75496-1_3
DOI: https://doi.org/10.1007/978-3-540-75496-1_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75495-4
Online ISBN: 978-3-540-75496-1