Paper Info
Title
Attack plan recognition using hidden Markov and probabilistic inference
Abstract
Intrusion detection systems perform well with single attack phase but not complex multi-step attacks which largely reduce their reliability. Multi-stage attack plan recognition aims at inferring attack plans and predicting upcoming attacks by analyzing the causal relationship between attack phases. Recent research often uses machine learning to deal with attack issues. However, some problems still exist. When probabilistic inference is applied to construct a causal network, researchers fail to take temporal sequence association into consideration, which makes it difficult for the model to deal with incomplete data. While the hidden Markov model can be used to recognize an attack plan, it cannot predict multiple intents nor their probabilities. This paper proposes a probability model based on the hidden Markov model and probabilistic inference responding to malicious events at runtime. This model uses online parameter updating rules which make it better suited to the rapidly changing cyber environment. Experimental results show that this model can achieve better performance compared to only using a single method and detect attack intent in an earlier stage.
Year
DOI
Venue
2020
10.1016/j.cose.2020.101974
Computers & Security
Keywords
DocType
Volume
Intrusion detection,Multi-stage attacks,Hidden Markov model,Probabilistic inference,Machine learning
Journal
97
ISSN
Citations 
PageRank 
0167-4048
0
0.34
References 
Authors
0
5
Name
Order
Citations
PageRank
Tun Li121.10
Yutian Liu200.34
Yanbing Liu315516.38
Yunpeng Xiao43310.88
Nang An Nguyen500.34