TY - JOUR
T1 - Network entity characterization and attack prediction
AU - Bartos, Vaclav
AU - Zadnik, Martin
AU - Habib, Sheikh Mahbub
AU - Vasilomanolakis, Emmanouil
PY - 2019/8
Y1 - 2019/8
N2 - The devastating effects of cyber-attacks, highlight the need for novel attack detection and prevention techniques. Over the last years, considerable work has been done in the areas of attack detection as well as in collaborative defense. However, an analysis of the state of the art suggests that many challenges exist in prioritizing alert data and in studying the relation between a recently discovered attack and the probability of it occurring again. In this article, we propose a system that is intended for characterizing network entities and the likelihood that they will behave maliciously in the future. Our system, namely Network Entity Reputation Database System (NERDS), takes into account all the available information regarding a network entity (e.g. IP address) to calculate the probability that it will act maliciously. The latter part is achieved via the utilization of machine learning. Our experimental results show that it is indeed possible to precisely estimate the probability of future attacks from each entity using information about its previous malicious behavior and other characteristics. Ranking the entities by this probability has practical applications in alert prioritization, assembly of highly effective blacklists of a limited length and other use cases.
AB - The devastating effects of cyber-attacks, highlight the need for novel attack detection and prevention techniques. Over the last years, considerable work has been done in the areas of attack detection as well as in collaborative defense. However, an analysis of the state of the art suggests that many challenges exist in prioritizing alert data and in studying the relation between a recently discovered attack and the probability of it occurring again. In this article, we propose a system that is intended for characterizing network entities and the likelihood that they will behave maliciously in the future. Our system, namely Network Entity Reputation Database System (NERDS), takes into account all the available information regarding a network entity (e.g. IP address) to calculate the probability that it will act maliciously. The latter part is achieved via the utilization of machine learning. Our experimental results show that it is indeed possible to precisely estimate the probability of future attacks from each entity using information about its previous malicious behavior and other characteristics. Ranking the entities by this probability has practical applications in alert prioritization, assembly of highly effective blacklists of a limited length and other use cases.
KW - Alert prioritization
KW - Alert sharing
KW - Attack prediction
KW - Machine learning
KW - Network security
KW - Reputation database
UR - http://www.scopus.com/inward/record.url?scp=85063286903&partnerID=8YFLogxK
U2 - 10.1016/j.future.2019.03.016
DO - 10.1016/j.future.2019.03.016
M3 - Journal article
AN - SCOPUS:85063286903
SN - 0167-739X
VL - 97
SP - 674
EP - 686
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
ER -