Recently, the number of targeted attacks against specific organizations, such as companies or governments, has been increasing. Although such organizations are required to protect against targeted attacks or mitigate their effects, it is very difficult to perform the proper operation without the assistance of a support system. Therefore, the authors developed the Live and Intelligent Network Forensic Technologies (LIFT) system to guide the proper operation and/or conduct an automatic operation using artificial intelligence. The LIFT system collects logs from servers, PCs, and communication equipment such as routers and detects abnormal signs in the collected logs. Next, the LIFT system calculates the certainty factor of an event occurrence using knowledge of the relation between the detected signs and the estimated event. If the certainty factor is large enough, the event is assumed to have occurred; otherwise, the LIFT system requests additional logs or the results of a memory dump. Moreover, the LIFT system guides the proper operation and/or conducts an automatic operation using knowledge of the relation between the event and the proposed action, which may be a guide or an automatic operation. If this knowledge is given to the LIFT system, a total simulation can be performed in the LIFT system based on rule-based technology, which is one of the artificial intelligence technologies. This paper describes the objective of developing the LIFT system, an overview of the system, the developed prototype of the LIFT system, and the experimental results of applying the LIFT system prototype. From the experimental results, we confirm that the LIFT system can be a useful tool for performing the proper operation against a targeted attack.
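The three-stage workflow the abstract describes (signs detected in logs, a certainty factor per estimated event, then either an action guide or a request for more evidence) can be illustrated with a small rule-based engine. The following Python is an added example written for this page; it is not the LIFT prototype or any code from the authors. The sign detectors, the sign-to-event and event-to-action rules, the 0.75 threshold, the MYCIN-style certainty-factor combination, and the log lines are all constructed assumptions chosen to show the control flow, not values taken from the paper.

```python
"""Toy rule-based certainty-factor engine in the spirit of the LIFT workflow:
signs detected in logs -> certainty factor (CF) per event -> either an action
guide or a request for additional evidence. Everything here is constructed."""
import re
from typing import Dict, List, Set

# Constructed sample log lines (not real data, not from the paper).
SAMPLE_LOGS = [
    "auth: Failed password for admin from 10.0.0.5",
    "auth: Failed password for admin from 10.0.0.5",
    "auth: Failed password for admin from 10.0.0.5",
    "auth: Accepted password for admin from 10.0.0.5",
    "proxy: CONNECT unknown-host.example 4444 from 10.0.0.7",
    "host: scheduled task created: updater.exe by admin",
]

# Hypothetical "unusual" destination ports for the outbound-connection sign.
UNUSUAL_PORTS = {"4444", "8081"}


def detect_signs(logs: List[str]) -> Set[str]:
    """Stage 1: turn raw log lines into named abnormal signs (hypothetical detectors)."""
    signs: Set[str] = set()
    failed = sum(1 for line in logs if "Failed password" in line)
    if failed >= 3:
        signs.add("login_failure_burst")
    if failed >= 3 and any("Accepted password" in line for line in logs):
        signs.add("success_after_failures")
    for line in logs:
        m = re.search(r"CONNECT \S+ (\d+)\b", line)
        if m and m.group(1) in UNUSUAL_PORTS:
            signs.add("unusual_outbound_port")
    if any("scheduled task created" in line for line in logs):
        signs.add("new_scheduled_task")
    return signs


# Knowledge base A (constructed): (sign, event) -> CF that the sign contributes.
SIGN_EVENT_RULES = {
    ("login_failure_burst", "credential_bruteforce"): 0.5,
    ("success_after_failures", "credential_bruteforce"): 0.6,
    ("success_after_failures", "account_compromise"): 0.4,
    ("unusual_outbound_port", "c2_beaconing"): 0.5,
    ("new_scheduled_task", "persistence_installed"): 0.4,
}

# Knowledge base B (constructed): event -> (guided action, extra evidence if uncertain).
EVENT_ACTION_RULES = {
    "credential_bruteforce": ("lock the account and enforce MFA", ["auth logs from all hosts"]),
    "account_compromise": ("reset credentials and review active sessions", ["VPN and session logs"]),
    "c2_beaconing": ("isolate the host from the network", ["full packet capture", "memory dump"]),
    "persistence_installed": ("remove the task and reimage the host", ["memory dump", "task definition"]),
}


def combine_cf(a: float, b: float) -> float:
    """MYCIN-style combination of two positive certainty factors."""
    return a + b * (1.0 - a)


def assess_events(signs: Set[str]) -> Dict[str, float]:
    """Stage 2: accumulate a CF per event from every matching sign rule."""
    cf: Dict[str, float] = {}
    for (sign, event), weight in SIGN_EVENT_RULES.items():
        if sign in signs:
            cf[event] = combine_cf(cf.get(event, 0.0), weight)
    return cf


def decide(cf_by_event: Dict[str, float], threshold: float = 0.75) -> Dict[str, dict]:
    """Stage 3: above the threshold the event is assumed to have occurred and an
    action is guided; below it, the engine asks for more evidence instead."""
    decisions: Dict[str, dict] = {}
    for event, cf in cf_by_event.items():
        action, extra = EVENT_ACTION_RULES[event]
        if cf >= threshold:
            decisions[event] = {"cf": round(cf, 3), "status": "confirmed", "guide": action}
        else:
            decisions[event] = {"cf": round(cf, 3), "status": "uncertain", "collect": extra}
    return decisions


def run(logs: List[str], threshold: float = 0.75) -> Dict[str, dict]:
    """Whole pipeline: logs -> signs -> CFs -> decisions."""
    return decide(assess_events(detect_signs(logs)), threshold)


if __name__ == "__main__":
    for event, decision in run(SAMPLE_LOGS).items():
        print(event, decision)
```

On the constructed logs, the two credential signs combine to a CF of 0.8 for `credential_bruteforce`, so that event is confirmed and its guide is emitted, while the other events stay below the threshold and come back with a list of additional evidence to collect, which mirrors the "request additional logs or a memory dump" branch in the abstract. In a real deployment the CF weights and threshold are the knowledge that has to be curated carefully: a threshold set too low turns the guide into noisy automation, and one set too high delays every response behind an evidence request.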