Indian Journal of Science and Technology
Year: 2015, Volume: 8, Issue: 12, Pages: 1-10
Maheyzah Md Siraj1,2*, Hashim Hussein Taha Albasheer1 and Mazura Mat Din1
1 Information Assurance and Security Research Group (IASRG), Faculty of Computing, Universiti Teknologi Malaysia, Skudai, Johor, Malaysia; [email protected]
2 Department of Information Systems, Faculty of Computer, King Khalid University - 62529, Saudi Arabia
Although Network Intrusion Detection Systems/Sensors (NIDSs) are deployed in computer networks to detect various attacks, their deployment raises a serious problem: they generate a high volume of low-quality intrusion alerts when attack scenarios take place. Worse, NIDSs cannot extract, let alone predict, the sequence of attack scenarios. Thus, alert post-processing, known as Alert Correlation (AC), is needed to derive the current security state of the system. AC aims to identify the complete relationship among intrusion alerts so that the attacker's strategy (i.e., the sequence of attack scenarios) can be revealed. Current works do not provide attack prediction or proactive actions once attack scenarios have been launched. Prediction can assist early warning and prevention, stopping an attack before it escalates and damages the network. In this paper, we highlight the important research problems in developing AC, which have motivated us to propose a new AC framework design that includes attack prediction and a proactive step in a real-time, multiple-sensor environment. It is worth mentioning that, to complement NIDSs in detecting incoming attacks, intrusion alert prediction is an exploratory area for future research aimed at improving the quality of correlation and predicting the attacker's next scenario as a proactive step.
Keywords: Attack Scenarios Prediction, Intrusion Alert Prediction, Network Security, NIDS, Real-Time Alert Correlation
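To make the two ideas in the abstract concrete, the following is an added illustration written for this page; it is not code from the paper or its authors, and it does not implement their framework. It takes constructed alerts from two NIDS sensors, collapses duplicate detections of the same event, groups the remaining alerts into candidate attack scenarios per (source, destination) pair, and then predicts the likely next step of each scenario from a first-order transition model trained on constructed known scenarios. The signature labels, IP addresses, timestamps and the 600-second session gap are all assumed values; a Markov-style transition model is used here only as one simple predictor.

```python
"""Minimal alert correlation and next-step prediction over constructed NIDS alerts.

Added example for illustration; not the paper's method or code.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Alert:
    ts: int        # timestamp in seconds (constructed values)
    sensor: str    # identifier of the NIDS that raised the alert
    src: str       # source address as reported by the sensor
    dst: str       # destination address as reported by the sensor
    sig: str       # signature / attack-step label (constructed labels)


# Constructed alerts from two sensors ("ids-a", "ids-b"); not real traffic.
SAMPLE_ALERTS: List[Alert] = [
    Alert(1000, "ids-a", "10.0.0.5", "10.0.1.20", "PORT_SCAN"),
    Alert(1002, "ids-b", "10.0.0.5", "10.0.1.20", "PORT_SCAN"),      # same event, second sensor
    Alert(1050, "ids-a", "192.168.3.9", "10.0.1.21", "PORT_SCAN"),
    Alert(1120, "ids-a", "10.0.0.5", "10.0.1.20", "SERVICE_PROBE"),
    Alert(1300, "ids-b", "10.0.0.5", "10.0.1.20", "EXPLOIT_ATTEMPT"),
    Alert(9000, "ids-a", "10.0.0.5", "10.0.1.20", "PORT_SCAN"),      # hours later: new scenario
]

# Constructed training sequences standing in for previously analysed scenarios.
KNOWN_SCENARIOS: List[List[str]] = [
    ["PORT_SCAN", "SERVICE_PROBE", "EXPLOIT_ATTEMPT", "C2_BEACON"],
    ["PORT_SCAN", "SERVICE_PROBE", "BRUTE_FORCE", "C2_BEACON"],
    ["PORT_SCAN", "SERVICE_PROBE", "EXPLOIT_ATTEMPT", "C2_BEACON", "DATA_EXFIL"],
]


def correlate(alerts: List[Alert], session_gap: int = 600, dup_window: int = 5) -> List[List[Alert]]:
    """Group alerts into candidate scenarios keyed on the (src, dst) pair.

    Alerts for a pair that arrive within `session_gap` seconds of the previous
    alert belong to the same scenario; an alert repeating the previous signature
    within `dup_window` seconds is treated as the same event seen by another
    sensor and dropped.
    """
    ordered = sorted(alerts, key=lambda a: a.ts)
    per_pair: Dict[Tuple[str, str], List[List[Alert]]] = defaultdict(list)
    for a in ordered:
        scenarios = per_pair[(a.src, a.dst)]
        if scenarios:
            current = scenarios[-1]
            last = current[-1]
            if a.sig == last.sig and a.ts - last.ts <= dup_window:
                continue                      # duplicate detection, keep the first
            if a.ts - last.ts <= session_gap:
                current.append(a)             # continuation of the open scenario
                continue
        scenarios.append([a])                 # first alert of a new scenario
    return [s for pair_scenarios in per_pair.values() for s in pair_scenarios]


def steps(scenario: List[Alert]) -> List[str]:
    """Reduce a scenario to its ordered signature labels."""
    return [a.sig for a in scenario]


def build_transition_model(sequences: List[List[str]]) -> Dict[str, Counter]:
    """Count how often each step is followed by each other step."""
    model: Dict[str, Counter] = defaultdict(Counter)
    for seq in sequences:
        for cur, nxt in zip(seq, seq[1:]):
            model[cur][nxt] += 1
    return model


def predict_next(model: Dict[str, Counter], observed: List[str]) -> Optional[Tuple[str, float]]:
    """Return the most frequent successor of the last observed step and its
    empirical probability, or None when the step was never seen in training."""
    if not observed or observed[-1] not in model:
        return None
    successors = model[observed[-1]]
    total = sum(successors.values())
    sig, count = successors.most_common(1)[0]
    return sig, count / total


def analyze(alerts: List[Alert], model: Dict[str, Counter]) -> List[dict]:
    """Correlate raw alerts and attach a next-step prediction to each scenario."""
    report = []
    for scenario in correlate(alerts):
        report.append({
            "src": scenario[0].src,
            "dst": scenario[0].dst,
            "sensors": sorted({a.sensor for a in scenario}),
            "steps": steps(scenario),
            "predicted": predict_next(model, steps(scenario)),
        })
    return report


if __name__ == "__main__":
    for entry in analyze(SAMPLE_ALERTS, build_transition_model(KNOWN_SCENARIOS)):
        print(entry)
```

The prediction is only as good as the training sequences, and a scenario whose last step was never observed in training yields no prediction rather than a guess; in practice the gap thresholds would be tuned per sensor and the (src, dst) key would be widened to cover pivoting through intermediate hosts.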