Predicting multi-stage attacks based on IP information

Multi-stage attacks can evolve dramatically, causing much loss and damage to organisations. These attacks are frequently instigated by exploiting actions, which in isolation are legal, and are therefore particularly challenging to detect. Much research has been conducted in the multi-stage detection...

Bibliographic Details
Main Authors: Abdulrazaq Almutairi, James Flint, David J. Parish
Format: Default Conference proceeding
Published: 2015
Subjects:
Online Access: https://hdl.handle.net/2134/20723
id rr-article-9557864
record_format Figshare
Figshare record: https://figshare.com/articles/conference_contribution/Predicting_multi-stage_attacks_based_on_IP_information/9557864
Licence: CC BY-NC-ND 4.0
institution Loughborough University
collection Figshare
topic Mechanical engineering not elsewhere classified
untagged
Mechanical Engineering not elsewhere classified
description Multi-stage attacks can evolve dramatically, causing much loss and damage to organisations. These attacks are frequently instigated by exploiting actions, which in isolation are legal, and are therefore particularly challenging to detect. Much research has been conducted in the multi-stage detection area, in order to build a framework based on an events correlation approach. This paper proposes a framework that predicts multi-stage attacks based on a different approach, which is an IP information evaluation. This approach was chosen after analysing three different multi-stage attack scenarios. This paper shows the analysis of those scenarios, detailing their steps and information hitherto unexploited in current intrusion detection systems. The paper also details the results obtained in the evaluation process, including detection and false positive rates.