posted on 2016-03-24, 15:40authored byAbdulrazaq Almutairi, James FlintJames Flint, David J. Parish
Multi-stage attacks can evolve dramatically, causing much loss and damage to organisations. These attacks are frequently instigated by exploiting actions, which in isolation are legal, and are therefore particularly challenging to detect. Much research has been conducted in the multi-stage detection area, in order to build a framework based on an events correlation approach. This paper proposes a framework that predicts multi-stage attacks based on a different approach, which is an IP information evaluation. This approach was chosen after analysing three different multi-stage attack scenarios. This paper shows the analysis of those scenarios, detailing their steps and information hitherto unexploited in current intrusion detection systems. The paper also details the results obtained in the evaluation process, including detection and false positive rates.
History
School
Mechanical, Electrical and Manufacturing Engineering
Published in
The 10th International Conference for Internet Technology and Secured Transactions (ICITST-2015)
Citation
ALMUTAIRI, A.Z., FLINT, J.A. and PARISH, D.J., 2015. Predicting multi-stage attacks based on IP information. IN: Proceedings of the 10th International Conference for Internet Technology and Secured Transactions (ICITST-2015), 14th-16th December 2015, London, pp. 384-390.