A Bayesian Belief Network Model For Detecting Multi-stage Attacks With Malicious IP Addresses

Full Text (PDF, 1219KB), PP.30-41

Author(s)

Alile S. O. 1,*, Egwali A. O. 1

1. Department of Computer Science, University of Benin, Benin City, Edo State, Nigeria

* Corresponding author.

DOI: https://doi.org/10.5815/ijwmt.2020.02.04

Received: 1 Nov. 2019 / Revised: 6 Dec. 2019 / Accepted: 28 Dec. 2019 / Published: 8 Apr. 2020

Index Terms

Multi Stage Attack, Malicious IP Address, Bayesian Belief Network

Abstract

Multi-stage attacks are attacks executed in phases, where each phase relies solely on the completion of the preceding phase. These attacks are so intelligently designed that they are able to elude detection by most network intrusion detection systems, and they are capable of penetrating sophisticated defenses. In this paper, we proposed and simulated a Bayesian Belief Network model to predict multi-stage attacks with malicious IP addresses. The model was designed using Bayes Server and tested with data collected from a cyber security repository. The model had a 99% prediction accuracy.

Cite This Paper

Alile S.O., Egwali A.O., "A Bayesian Belief Network Model For Detecting Multi-stage Attacks With Malicious IP Addresses", International Journal of Wireless and Microwave Technologies (IJWMT), Vol.10, No.2, pp. 30-41, 2020. DOI: 10.5815/ijwmt.2020.02.04
