Real Time Attacker Behavior Pattern Discovery and Profiling Using Fuzzy Rules

Computer security investigation would benefit from more information about the characteristics of the human attacker behind a security incident. Present security mechanisms focus on the characteristics of the attack rather than those of the attacker. Attacker behavior analysis is a challenging problem because relevant data is hard to obtain. We apply cognitive analysis to network traffic logs to determine the attacker category and infer the attacker's intentions, and we propose a fuzzy-rule-based approach to categorize the attacker. To make the system more resilient, the attacker's profile is then subjected to behavioral analysis. Results from a real-time case study indicate that the proposed technique achieves good accuracy in classifying the attacker by discovering the attacker's behavioral pattern. The technique can further be used to assist security and forensic investigators in profiling human attackers.
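To make the fuzzy-rule idea concrete, the following is an added illustration of how per-source traffic features can be fuzzified and run through a small Mamdani-style rule base to label an attacker. It is not the paper's rule base, feature set or data: the three features (event rate, distinct destination ports, failure ratio), the membership breakpoints, the four categories and the sample log lines are all hypothetical choices made for this example. Partial membership is what lets one source score 0.8 "tool" and 0.2 "human" rather than a hard cut.

```python
"""
Illustrative fuzzy-rule attacker profiler (added example, not the paper's code).
Features, membership functions, rule table and category labels are hypothetical.
"""
from collections import defaultdict

# Constructed sample log (not real traffic): "timestamp src_ip dst_port result"
SAMPLE_LOG = """\
0.0 10.0.0.5 22 fail
0.5 10.0.0.5 22 fail
1.0 10.0.0.5 22 fail
1.5 10.0.0.5 22 fail
2.0 10.0.0.5 22 ok
0.0 10.0.0.9 21 ok
0.1 10.0.0.9 22 fail
0.2 10.0.0.9 23 fail
0.3 10.0.0.9 25 fail
0.4 10.0.0.9 80 fail
0.5 10.0.0.9 110 fail
0.6 10.0.0.9 143 fail
0.7 10.0.0.9 443 fail
0.0 10.0.0.11 22 fail
6.0 10.0.0.11 22 fail
13.0 10.0.0.11 22 fail
20.0 10.0.0.11 22 fail
0.0 10.0.0.7 443 ok
30.0 10.0.0.7 443 ok
"""


def extract_features(log_text):
    """Per-source features: events per second, distinct destination ports, failure ratio."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        ts, src, port, result = line.split()
        events[src].append((float(ts), int(port), result == "fail"))
    feats = {}
    for src, ev in events.items():
        span = max(e[0] for e in ev) - min(e[0] for e in ev)
        rate = len(ev) / max(span, 1.0)  # clamp span to >= 1 s so a burst is not divided by ~0
        feats[src] = {
            "rate": rate,
            "ports": len({e[1] for e in ev}),
            "fail_ratio": sum(e[2] for e in ev) / len(ev),
        }
    return feats


def ramp_up(x, a, b):
    """Membership rising linearly from 0 (x <= a) to 1 (x >= b)."""
    if x <= a:
        return 0.0
    if x >= b:
        return 1.0
    return (x - a) / (b - a)


def ramp_down(x, a, b):
    return 1.0 - ramp_up(x, a, b)


# Hypothetical fuzzy sets; the breakpoints are illustrative, not tuned values.
FUZZY_SETS = {
    "rate": {"low": lambda x: ramp_down(x, 0.5, 3.0), "high": lambda x: ramp_up(x, 0.5, 3.0)},
    "ports": {"few": lambda x: ramp_down(x, 1, 5), "many": lambda x: ramp_up(x, 1, 5)},
    "fail_ratio": {"low": lambda x: ramp_down(x, 0.2, 0.6), "high": lambda x: ramp_up(x, 0.2, 0.6)},
}

# Hypothetical rule base: (antecedents, category). AND = min, aggregation = max.
RULES = [
    ({"ports": "many", "rate": "high"}, "automated scanner"),
    ({"ports": "few", "fail_ratio": "high", "rate": "high"}, "brute-force tool"),
    ({"ports": "few", "fail_ratio": "high", "rate": "low"}, "manual credential guesser"),
    ({"fail_ratio": "low", "rate": "low"}, "benign or low-and-slow"),
]


def fuzzify(feat):
    return {name: {label: fn(feat[name]) for label, fn in sets.items()}
            for name, sets in FUZZY_SETS.items()}


def classify(feat):
    """Fire each rule with min over its antecedents; keep the max strength per category."""
    mu = fuzzify(feat)
    scores = defaultdict(float)
    for antecedents, category in RULES:
        strength = min(mu[name][label] for name, label in antecedents.items())
        scores[category] = max(scores[category], strength)
    best = max(scores, key=scores.get)
    if scores[best] == 0.0:
        best = "unknown"  # no rule fired at all; do not force a label
    return best, round(scores.get(best, 0.0), 3), dict(scores)


def profile(log_text):
    """Map each source address to (category, confidence, all rule scores)."""
    return {src: classify(feat) for src, feat in extract_features(log_text).items()}


if __name__ == "__main__":
    for src, (label, conf, _) in profile(SAMPLE_LOG).items():
        print(f"{src:12s} {label:28s} {conf}")
```

The clamp on the time span and the explicit "unknown" outcome are the two places a real deployment would need care: a single-packet source otherwise produces an infinite rate, and a source that matches no rule should be surfaced for a human rather than silently assigned the first category in the table.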
