Architectures for Detecting Real-time Multiple Multi-stage Network Attacks Using Hidden Markov Model
share
With the growing Cyber threats, the need to develop high assurance Cyber systems is becoming increasingly important. The objective of this paper is to address the challenges of modeling and detecting sophisticated and diversified network attacks. Using one of the important statistical machine learning (ML) techniques, Hidden Markov Models (HMM), we develop two architectures that can detect and track in real-time the progress of these organized attacks. These architectures are based on developing a database of HMM templates and exhibit varying performance and complexity. For performance evaluation, in the presence of multiple multi-stage attack scenarios, various metrics are proposed which include (1) attack risk probability, (2) detection error rate, and (3) the number of correctly detected stages. Extensive simulation experiments are used based on the DARPA2000 dataset to demonstrate the efficacy of the proposed architectures.
READ FULL TEXT