E-NIPS: an event-based network intrusion prediction system

Authors:
Pradeep Kannadiga;Mohammad Zulkernine;Anwar Haque
Affiliations:
School of Computing, Queen's University, Kingston, Ontario, Canada;School of Computing, Queen's University, Kingston, Ontario, Canada;Network Planning, Bell Canada, Hamilton, Ontario, Canada
Venue:
ISC'07 Proceedings of the 10th international conference on Information Security
Year:
2007

Citing 10
Cited 0

Security audit trail analysis using inductively generated predictive rules

Proceedings of the sixth conference on Artificial intelligence applications
A graph-based system for network-vulnerability analysis

Proceedings of the 1998 workshop on New security paradigms
A requires/provides model for computer attacks

Proceedings of the 2000 workshop on New security paradigms
Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory

ACM Transactions on Information and System Security (TISSEC)
Alert Correlation in a Cooperative Intrusion Detection Framework

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Hacking Exposed 5th Edition (Hacking Exposed)

Hacking Exposed 5th Edition (Hacking Exposed)
Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts

Computer Communications
Probabilistic techniques for intrusion detection based on computer audit data

IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Network intrusion detection

IEEE Network: The Magazine of Global Internetworking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Intrusion detection systems (IDSs) can detect and respond to various attacks. However, they cannot detect all attacks, and they are not capable of predicting future attacks. In this research, we propose an automatic intrusion prediction system (IPS) called E-NIPS (Event-based Network Intrusion Prediction System) that can not only detect attacks but also predict future probable attacks. We have utilized network penetration scenarios partitioned into multiple phases depending on the sequences they follow during network penetrations. Each of these phases consists of attack classes that are precursors to attack classes of the next phase. An attack class is a set of attacks that have same the objectives, categorized to generalize network penetration scenarios and to reduce the burden on the prediction engine during intrusion alerts correlation and prediction tasks. Future attacks are predicted based on the attack classes detected in an earlier phase of a penetration scenario. Automatic intrusion prediction provides little but very crucial time required for fortifying networks against attacks, warns network administrators about possible attacks, and reduces the damage caused due to attacks. In this paper, we describe the architecture, operation, and implementation of E-NIPS. The prototype implementation is evaluated based on some of the most commonly occurring network penetration scenarios. The experimental results show that the prototype automatically provides useful information about the occurrence of future attack events.