Network Threat Characterization in Multiple Intrusion Perspectives using Data Mining Technique

For effective security incident response on a network, a reliable approach must be in place in both the protected and the unprotected regions of the network, because a compromise in the demilitarized zone can be a precursor to a threat inside the network. The increased complexity of present-day attacks and the vulnerability of systems are the motivations for this work. Past and present approaches to intrusion detection and prevention have neglected victim and attacker properties, despite the fact that for an intrusion to occur there must be an overt act by an attacker and a manifestation, observable by the intended victim, that results from that act. This paper therefore presents a threat characterization model for attacks from the victim and the attacker perspectives of intrusion, using a data mining technique that combines Frequent Temporal Sequence Association Mining with Fuzzy Logic. The Apriori association mining algorithm was used to mine temporal rule patterns from alert sequences, while a Fuzzy Control System was used to rate exploits. The experimental results show that accurate threat characterization in multiple intrusion perspectives can be achieved using Fuzzy Association Mining. The results also show that sequences of exploits can be used to rate threats, and that such sequences are motivated by victim properties and attacker objectives.
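To make the two-stage pipeline concrete (Apriori-style mining of temporal rule patterns from alert sequences, then a fuzzy control system that rates the mined exploit sequences), here is an added, self-contained Python illustration. It is not the authors' code: the alert sequences are constructed, the signature names (`port_scan`, `ssh_brute`, `web_sqli`, `priv_esc`, `data_exfil`) are invented, and the membership functions, the "victim exposure" input standing in for victim properties, and the fuzzy rule base are all assumptions chosen for the example. The Apriori stage is the general level-wise candidate-generation-and-pruning scheme applied to ordered subsequences, which goes slightly beyond the single alert-sequence case the abstract describes.

```python
"""Apriori-style temporal sequence mining over IDS alerts, followed by a small
Mamdani fuzzy controller that rates the mined exploit sequences.  Added
illustration: the alert data, membership functions and fuzzy rule base are
constructed for this example and are not taken from the paper."""

# Constructed alert sequences: one list per attacking source, alerts in the
# order the sensor raised them (assumed signature names, not real IDS output).
ALERT_SEQUENCES = [
    ["port_scan", "ssh_brute", "priv_esc", "data_exfil"],
    ["port_scan", "ssh_brute", "priv_esc"],
    ["port_scan", "web_sqli", "data_exfil"],
    ["port_scan", "ssh_brute", "data_exfil"],
    ["web_sqli", "priv_esc"],
    ["port_scan", "web_sqli", "priv_esc", "data_exfil"],
]


def is_subsequence(pattern, seq):
    """True when every alert of pattern appears in seq in that order (gaps allowed)."""
    it = iter(seq)
    return all(any(a == x for x in it) for a in pattern)


def support(pattern, sequences):
    """Fraction of sequences that contain pattern as an ordered subsequence."""
    return sum(is_subsequence(pattern, s) for s in sequences) / len(sequences)


def apriori_sequences(sequences, min_support=0.5, max_len=3):
    """Level-wise (Apriori) mining of frequent temporal alert sequences.
    A frequent k-sequence is grown by one frequent alert; a candidate survives
    only if every k-subsequence obtained by dropping one alert is frequent."""
    singles = [(a,) for a in sorted({a for s in sequences for a in s})]
    level = [p for p in singles if support(p, sequences) >= min_support]
    frequent = {}
    while level:
        frequent.update((p, support(p, sequences)) for p in level)
        if len(level[0]) == max_len:
            break
        candidates = {p + a for p in level for a in singles if a in frequent}
        candidates = {c for c in candidates
                      if all(c[:i] + c[i + 1:] in frequent for i in range(len(c)))}
        level = sorted(c for c in candidates if support(c, sequences) >= min_support)
    return frequent


def temporal_rules(frequent):
    """Each frequent sequence becomes the rule prefix -> last alert, with
    confidence = support(sequence) / support(prefix)."""
    return [(p[:-1], p[-1], s, s / frequent[p[:-1]])
            for p, s in frequent.items() if len(p) > 1]


def trap(x, a, b, c, d):
    """Trapezoidal membership: rises over a..b, plateau b..c, falls over c..d."""
    if x < a or x > d:
        return 0.0
    if x < b:
        return (x - a) / (b - a)
    if x <= c:
        return 1.0
    return (d - x) / (d - c)


# Assumed linguistic terms.  Inputs are on [0, 1]: pattern support, and a
# "victim exposure" score standing in for victim properties (e.g. 1.0 for an
# unpatched host in the DMZ).  Output is a threat rating on [0, 10].
SUPPORT_SETS = {"low": (0, 0, 0.2, 0.5), "medium": (0.3, 0.5, 0.5, 0.7),
                "high": (0.5, 0.8, 1, 1)}
EXPOSURE_SETS = {"low": (0, 0, 0.2, 0.6), "high": (0.4, 0.8, 1, 1)}
RATING_SETS = {"minor": (0, 0, 2, 5), "moderate": (3, 5, 5, 7),
               "severe": (5, 8, 10, 10)}
# (support term, exposure term) -> rating term.  AND is min, aggregation is max.
FUZZY_RULES = {("high", "high"): "severe", ("high", "low"): "moderate",
               ("medium", "high"): "moderate", ("medium", "low"): "minor",
               ("low", "high"): "moderate", ("low", "low"): "minor"}
UNIVERSE = [i / 10 for i in range(101)]  # discretised output axis 0.0 .. 10.0


def fuzzy_threat_rating(pattern_support, exposure):
    """Mamdani inference: clip each consequent by its rule strength, take the
    max over rules, and defuzzify by centroid over UNIVERSE."""
    strength = {}
    for (s_term, e_term), out in FUZZY_RULES.items():
        w = min(trap(pattern_support, *SUPPORT_SETS[s_term]),
                trap(exposure, *EXPOSURE_SETS[e_term]))
        strength[out] = max(strength.get(out, 0.0), w)
    agg = [max(min(w, trap(x, *RATING_SETS[out])) for out, w in strength.items())
           for x in UNIVERSE]
    total = sum(agg)
    return sum(x * m for x, m in zip(UNIVERSE, agg)) / total if total else 0.0


def characterize(sequences, exposure, min_support=0.5):
    """Mine the temporal rules, then rate each exploit sequence for a victim
    with the given exposure; highest-rated sequence first."""
    rules = temporal_rules(apriori_sequences(sequences, min_support))
    rated = [(prefix + (nxt,), sup, conf, fuzzy_threat_rating(sup, exposure))
             for prefix, nxt, sup, conf in rules]
    return sorted(rated, key=lambda r: r[3], reverse=True)


if __name__ == "__main__":
    for seq, sup, conf, rating in characterize(ALERT_SEQUENCES, exposure=0.9):
        print(f"{' -> '.join(seq):28s} support={sup:.2f} conf={conf:.2f} threat={rating:.1f}")
```

On the constructed data only `port_scan -> ssh_brute`, `port_scan -> priv_esc` and `port_scan -> data_exfil` clear the 0.5 support threshold, and no three-step sequence survives pruning because none of the second-stage pairs (`ssh_brute -> priv_esc`, `web_sqli -> data_exfil`, and so on) is itself frequent. The fuzzy stage then separates those rules by victim exposure: the same `port_scan -> data_exfil` pattern rates higher for an exposed host than for a hardened one, which is the victim-perspective distinction the abstract argues earlier approaches neglected.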
