Intrusion diagnosis and prediction with expert system

Xuejiao Liu; Chengfang Fang; Debao Xiao

doi:10.1002/sec.293

Intrusion diagnosis and prediction with expert system

Xuejiao Liu, Chengfang Fang, Debao Xiao

Research output: Contribution to journal › Article › Research › peer-review

8 Citations (Scopus)

Abstract

Network diagnosis and attack prediction can help the network administrator to take timely actions to defend against well-planned attacks that exploit a chain of vulnerabilities. One important data source for such analysis is the alerts generated by intrusion detection systems (IDS) deployed over the network. However, IDS typically generates overwhelming amount of alerts, where one cannot simply aggregate or discard. In addition, the chance of a successful exploit depends on many hidden factors such as system status and attacker power, and thus the dependencies among exploits and conditions are typically too complicated to analyze under probability framework. In this paper, we employ expert system to deal with such uncertainties and conduct certainty factor inference. We show that analysis in fuzzy system is tractable and we propose an algorithm to analyze the network status and predict the potential attacks. Finally, we give a case study to illustrate our algorithm and evaluate the effectiveness of our approach on the DARPA data sets.

Original language	English
Pages (from-to)	1483-1494
Number of pages	12
Journal	Security and Communication Networks
Volume	4
Issue number	12
DOIs	https://doi.org/10.1002/sec.293
Publication status	Published - 2011
Externally published	Yes

Keywords

Attack graph
Certainty factor
Intrusion diagnosis
Attack prediction

Access to Document

10.1002/sec.293Licence: CC BY

Cite this

@article{8d1d608d56774ce5b648d2d984b1fbf1,

title = "Intrusion diagnosis and prediction with expert system",

abstract = "Network diagnosis and attack prediction can help the network administrator to take timely actions to defend against well-planned attacks that exploit a chain of vulnerabilities. One important data source for such analysis is the alerts generated by intrusion detection systems (IDS) deployed over the network. However, IDS typically generates overwhelming amount of alerts, where one cannot simply aggregate or discard. In addition, the chance of a successful exploit depends on many hidden factors such as system status and attacker power, and thus the dependencies among exploits and conditions are typically too complicated to analyze under probability framework. In this paper, we employ expert system to deal with such uncertainties and conduct certainty factor inference. We show that analysis in fuzzy system is tractable and we propose an algorithm to analyze the network status and predict the potential attacks. Finally, we give a case study to illustrate our algorithm and evaluate the effectiveness of our approach on the DARPA data sets. ",

keywords = "Attack graph, Certainty factor, Intrusion diagnosis, Attack prediction",

author = "Xuejiao Liu and Chengfang Fang and Debao Xiao",

year = "2011",

doi = "10.1002/sec.293",

language = "English",

volume = "4",

pages = "1483--1494",

journal = "Security and Communication Networks",

issn = "1939-0114",

publisher = "Wiley-Blackwell",

number = "12",

}

TY - JOUR

T1 - Intrusion diagnosis and prediction with expert system

AU - Liu, Xuejiao

AU - Fang, Chengfang

AU - Xiao, Debao

PY - 2011

Y1 - 2011

N2 - Network diagnosis and attack prediction can help the network administrator to take timely actions to defend against well-planned attacks that exploit a chain of vulnerabilities. One important data source for such analysis is the alerts generated by intrusion detection systems (IDS) deployed over the network. However, IDS typically generates overwhelming amount of alerts, where one cannot simply aggregate or discard. In addition, the chance of a successful exploit depends on many hidden factors such as system status and attacker power, and thus the dependencies among exploits and conditions are typically too complicated to analyze under probability framework. In this paper, we employ expert system to deal with such uncertainties and conduct certainty factor inference. We show that analysis in fuzzy system is tractable and we propose an algorithm to analyze the network status and predict the potential attacks. Finally, we give a case study to illustrate our algorithm and evaluate the effectiveness of our approach on the DARPA data sets.

AB - Network diagnosis and attack prediction can help the network administrator to take timely actions to defend against well-planned attacks that exploit a chain of vulnerabilities. One important data source for such analysis is the alerts generated by intrusion detection systems (IDS) deployed over the network. However, IDS typically generates overwhelming amount of alerts, where one cannot simply aggregate or discard. In addition, the chance of a successful exploit depends on many hidden factors such as system status and attacker power, and thus the dependencies among exploits and conditions are typically too complicated to analyze under probability framework. In this paper, we employ expert system to deal with such uncertainties and conduct certainty factor inference. We show that analysis in fuzzy system is tractable and we propose an algorithm to analyze the network status and predict the potential attacks. Finally, we give a case study to illustrate our algorithm and evaluate the effectiveness of our approach on the DARPA data sets.

KW - Attack graph

KW - Certainty factor

KW - Intrusion diagnosis

KW - Attack prediction

UR - https://www.scopus.com/pages/publications/81855168291

U2 - 10.1002/sec.293

DO - 10.1002/sec.293

M3 - Article

AN - SCOPUS:81855168291

SN - 1939-0114

VL - 4

SP - 1483

EP - 1494

JO - Security and Communication Networks

JF - Security and Communication Networks

IS - 12

ER -

Intrusion diagnosis and prediction with expert system

Abstract

Keywords

Access to Document

Other files and links

Cite this