FGCS_2019_2779_RevisedManuscript_V0.pdf (921.19 kB)
Analysis of hidden Markov model learning algorithms for the detection and prediction of multi-stage network attacks
journal contribution
posted on 2020-03-09, 15:43 authored by Timothy Chadza, Kostas Kyriakopoulos, Sangarapillai Lambotharan

Hidden Markov Models have been extensively used for determining computer systems under a Multi-Stage Network Attack (MSA); however, acquisition of optimal model training parameters remains a formidable challenge. This paper critically analyses the detection and prediction accuracy of a wide range of training and initialisation algorithms including the expectation-maximisation, spectral, Baum-Welch, differential evolution, K-means, and segmental K-means. The performance of these algorithms has been evaluated, both individually and in a hybrid approach, for detecting all the states and the current state, and predicting the next state (NS) and the next observation (NO) of a given alert observation sequence. For generating this alert sequence, the Snort signature-based intrusion detection system was utilised, using either bespoke or default rules, to raise alerts while examining the DARPA 2000 MSA dataset. The investigation also sheds further light on alternative approaches for forecasting the possible NS and NO in an MSA campaign, as well as the impact of window size on the prediction performance for all analysed techniques. The results and discussion emphasise the appropriateness of various techniques for the prediction of NS and NO. Furthermore, NO prediction accuracy has indicated a performance increase of up to 44.95% in the proposed hybrid approaches.
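The abstract names four operations an HMM performs on an IDS alert sequence: detecting the current state, recovering all the states, predicting the next state (NS) and predicting the next observation (NO), with window size as a tunable. The following Python is an added illustration, not code from the paper or its authors, that carries those four operations through on a toy model: the stage names, alert labels, transition and emission probabilities and the alert sequence are all constructed for the example (the paper's Snort alert classes and DARPA 2000 stages are not reproduced), and a real model would obtain A, B and pi from one of the training algorithms the abstract lists rather than by hand.

```python
"""Forward filtering, NS / NO prediction and Viterbi decoding for a
multi-stage attack HMM driven by IDS alert labels.

Added illustration, not the paper's code. Stage names, alert labels and all
probabilities are constructed for the example; a trained model (e.g. via
Baum-Welch on labelled alert sequences) would supply PI, A and B instead.
"""
import math
from typing import Dict, List, Sequence

# Hidden states: attack stages (constructed, loosely following a DDoS campaign).
STATES = ["probe", "breakin", "install", "launch"]
# Observations: IDS alert classes (constructed labels, not real Snort SIDs).
ALERTS = ["ICMP_SWEEP", "RPC_PROBE", "SADMIND_OVERFLOW", "RSH_LOGIN", "DDOS_TRAFFIC"]

# Initial stage distribution PI[s]: a campaign usually starts by probing.
PI = {"probe": 0.85, "breakin": 0.05, "install": 0.05, "launch": 0.05}

# Transition matrix A[s][s']: stages mostly persist or advance to the next one.
A = {
    "probe":   {"probe": 0.60, "breakin": 0.30, "install": 0.05, "launch": 0.05},
    "breakin": {"probe": 0.05, "breakin": 0.50, "install": 0.40, "launch": 0.05},
    "install": {"probe": 0.05, "breakin": 0.05, "install": 0.30, "launch": 0.60},
    "launch":  {"probe": 0.05, "breakin": 0.05, "install": 0.10, "launch": 0.80},
}

# Emission matrix B[s][o]: which alert class each stage tends to raise.
B = {
    "probe":   {"ICMP_SWEEP": 0.50, "RPC_PROBE": 0.40, "SADMIND_OVERFLOW": 0.04, "RSH_LOGIN": 0.03, "DDOS_TRAFFIC": 0.03},
    "breakin": {"ICMP_SWEEP": 0.05, "RPC_PROBE": 0.15, "SADMIND_OVERFLOW": 0.70, "RSH_LOGIN": 0.07, "DDOS_TRAFFIC": 0.03},
    "install": {"ICMP_SWEEP": 0.05, "RPC_PROBE": 0.05, "SADMIND_OVERFLOW": 0.10, "RSH_LOGIN": 0.70, "DDOS_TRAFFIC": 0.10},
    "launch":  {"ICMP_SWEEP": 0.03, "RPC_PROBE": 0.03, "SADMIND_OVERFLOW": 0.04, "RSH_LOGIN": 0.10, "DDOS_TRAFFIC": 0.80},
}

# Constructed alert sequence, in the order an IDS might emit it during a campaign.
ALERT_SEQUENCE = ["ICMP_SWEEP", "RPC_PROBE", "SADMIND_OVERFLOW", "RSH_LOGIN"]


def _normalise(d: Dict[str, float]) -> Dict[str, float]:
    total = sum(d.values())
    return {k: v / total for k, v in d.items()}


def current_state_posterior(obs: Sequence[str], window: int = 0) -> Dict[str, float]:
    """P(s_t | o_1..o_t) via the scaled forward recursion (current-state detection).

    window > 0 restarts the recursion from PI using only the last `window`
    alerts, i.e. the sliding-window variant whose size affects prediction.
    """
    if window > 0:
        obs = obs[-window:]
    alpha = _normalise({s: PI[s] * B[s][obs[0]] for s in STATES})
    for o in obs[1:]:
        alpha = _normalise({
            s2: B[s2][o] * sum(alpha[s1] * A[s1][s2] for s1 in STATES)
            for s2 in STATES
        })
    return alpha


def next_state_distribution(posterior: Dict[str, float]) -> Dict[str, float]:
    """NS prediction: P(s_{t+1} | o_1..o_t) = sum_s P(s_t = s | o_1..o_t) * A[s][s']."""
    return {s2: sum(posterior[s1] * A[s1][s2] for s1 in STATES) for s2 in STATES}


def next_observation_distribution(next_state: Dict[str, float]) -> Dict[str, float]:
    """NO prediction: P(o_{t+1} | o_1..o_t) = sum_s' P(s_{t+1} = s') * B[s'][o]."""
    return {o: sum(next_state[s] * B[s][o] for s in STATES) for o in ALERTS}


def viterbi_path(obs: Sequence[str]) -> List[str]:
    """All-states detection: most likely stage sequence for the whole alert sequence."""
    delta = {s: math.log(PI[s]) + math.log(B[s][obs[0]]) for s in STATES}
    back: List[Dict[str, str]] = []
    for o in obs[1:]:
        new_delta, ptr = {}, {}
        for s2 in STATES:
            best = max(STATES, key=lambda s1: delta[s1] + math.log(A[s1][s2]))
            ptr[s2] = best
            new_delta[s2] = delta[best] + math.log(A[best][s2]) + math.log(B[s2][o])
        delta, back = new_delta, back + [ptr]
    state = max(STATES, key=delta.get)
    path = [state]
    for ptr in reversed(back):
        state = ptr[state]
        path.append(state)
    return path[::-1]


def argmax(d: Dict[str, float]) -> str:
    return max(d, key=d.get)


if __name__ == "__main__":
    post = current_state_posterior(ALERT_SEQUENCE)
    ns = next_state_distribution(post)
    no = next_observation_distribution(ns)
    print("current stage:", argmax(post), {k: round(v, 3) for k, v in post.items()})
    print("next stage:   ", argmax(ns))
    print("next alert:   ", argmax(no))
    print("Viterbi path: ", viterbi_path(ALERT_SEQUENCE))
```

With these constructed numbers the filter places the current stage at "install" after the RSH alert, the NS prediction favours "launch" and the NO prediction favours "DDOS_TRAFFIC"; Viterbi returns the full path probe, probe, breakin, install. The `window` argument shows the trade-off the abstract alludes to: a short window forgets earlier evidence and relies more on PI and the latest alerts, which can help after a stage change but hurts when a single ambiguous alert arrives.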
History
School
- Mechanical, Electrical and Manufacturing Engineering
Published in
Future Generation Computer Systems
Volume
108
Issue
July 2020
Pages
636 - 649
Publisher
Elsevier
Version
- AM (Accepted Manuscript)
Rights holder
© Elsevier
Publisher statement
This paper was accepted for publication in the journal Future Generation Computer Systems and the definitive published version is available at https://doi.org/10.1016/j.future.2020.03.014
Acceptance date
2020-03-03
Publication date
2020-03-09
Copyright date
2020
ISSN
0167-739X
Language
- en
Depositor
Dr Kostas Kyriakopoulos. Deposit date: 8 March 2020