Multi-stage attack detection using contextual information

Multi-stage attack detection using contextual information

The appearance of new forms of cyber-threats, such as Multi-Stage Attacks (MSAs), creates new challenges to which Intrusion Detection Systems (IDSs) need to adapt. An MSA is launched in multiple sequential stages, which may not be malicious when implemented individually, making the detection of MSAs...

Full description

Saved in:
Bibliographic Details
Main Authors: Kostas Kyriakopoulos, Francisco J. Aparicio-Navarro, Ibrahim Ghafir, Sangarapillai Lambotharan, Jonathon Chambers
Format: Default Conference proceeding
Published: 2018
Subjects:
Mechanical engineering not elsewhere classified
Contextual information
Dempster-Shafer theory
Fuzzy cognitive maps
Intrusion detection system
MultiStage attack
Network security
Pattern-of-life
Point of entry
Mechanical Engineering not elsewhere classified
Online Access:https://hdl.handle.net/2134/34219
Tags: Add Tag
No Tags, Be the first to tag this record!
id rr-article-9556910
record_format Figshare
spelling rr-article-95569102018-01-01T00:00:00Z Multi-stage attack detection using contextual information Kostas Kyriakopoulos (1250595) Francisco J. Aparicio-Navarro (7204022) Ibrahim Ghafir (4352632) Sangarapillai Lambotharan (1252278) Jonathon Chambers (7121624) Mechanical engineering not elsewhere classified Contextual information Dempster-Shafer theory Fuzzy cognitive maps Intrusion detection system MultiStage attack Network security Pattern-of-life Point of entry Mechanical Engineering not elsewhere classified The appearance of new forms of cyber-threats, such as Multi-Stage Attacks (MSAs), creates new challenges to which Intrusion Detection Systems (IDSs) need to adapt. An MSA is launched in multiple sequential stages, which may not be malicious when implemented individually, making the detection of MSAs extremely challenging for most current IDSs. In this paper, we present a novel IDS that exploits contextual information in the form of Pattern-of-Life (PoL), and information related to expert judgment on the network behaviour. This IDS focuses on detecting an MSA, in real-time, without previous training process. The main goal of the MSA is to create a Point of Entry (PoE) to a target machine, which could be used as part of an APT like attack. Our results verify that the use of contextual information improves the efficiency of our IDS by enhancing the detection rate of MSAs in real-time by 58%. 2018-01-01T00:00:00Z Text Conference contribution 2134/34219 https://figshare.com/articles/conference_contribution/Multi-stage_attack_detection_using_contextual_information/9556910 CC BY-NC-ND 4.0
institution Loughborough University
collection Figshare
topic Mechanical engineering not elsewhere classified
Contextual information
Dempster-Shafer theory
Fuzzy cognitive maps
Intrusion detection system
MultiStage attack
Network security
Pattern-of-life
Point of entry
Mechanical Engineering not elsewhere classified
spellingShingle Mechanical engineering not elsewhere classified
Contextual information
Dempster-Shafer theory
Fuzzy cognitive maps
Intrusion detection system
MultiStage attack
Network security
Pattern-of-life
Point of entry
Mechanical Engineering not elsewhere classified
Kostas Kyriakopoulos
Francisco J. Aparicio-Navarro
Ibrahim Ghafir
Sangarapillai Lambotharan
Jonathon Chambers
Multi-stage attack detection using contextual information
description The appearance of new forms of cyber-threats, such as Multi-Stage Attacks (MSAs), creates new challenges to which Intrusion Detection Systems (IDSs) need to adapt. An MSA is launched in multiple sequential stages, which may not be malicious when implemented individually, making the detection of MSAs extremely challenging for most current IDSs. In this paper, we present a novel IDS that exploits contextual information in the form of Pattern-of-Life (PoL), and information related to expert judgment on the network behaviour. This IDS focuses on detecting an MSA, in real-time, without previous training process. The main goal of the MSA is to create a Point of Entry (PoE) to a target machine, which could be used as part of an APT like attack. Our results verify that the use of contextual information improves the efficiency of our IDS by enhancing the detection rate of MSAs in real-time by 58%.
format Default
Conference proceeding
author Kostas Kyriakopoulos
Francisco J. Aparicio-Navarro
Ibrahim Ghafir
Sangarapillai Lambotharan
Jonathon Chambers
author_facet Kostas Kyriakopoulos
Francisco J. Aparicio-Navarro
Ibrahim Ghafir
Sangarapillai Lambotharan
Jonathon Chambers
author_sort Kostas Kyriakopoulos (1250595)
title Multi-stage attack detection using contextual information
title_short Multi-stage attack detection using contextual information
title_full Multi-stage attack detection using contextual information
title_fullStr Multi-stage attack detection using contextual information
title_full_unstemmed Multi-stage attack detection using contextual information
title_sort multi-stage attack detection using contextual information
publishDate 2018
url https://hdl.handle.net/2134/34219
_version_ 1797733521997955072

Similar Items