
Predicting multi-stage attacks based on IP information

conference contribution
posted on 2016-03-24, 15:40 authored by Abdulrazaq Almutairi, James Flint, David J. Parish
Multi-stage attacks can evolve dramatically, causing much loss and damage to organisations. These attacks are frequently instigated by exploiting actions, which in isolation are legal, and are therefore particularly challenging to detect. Much research has been conducted in the multi-stage detection area, in order to build a framework based on an events correlation approach. This paper proposes a framework that predicts multi-stage attacks based on a different approach, which is an IP information evaluation. This approach was chosen after analysing three different multi-stage attack scenarios. This paper shows the analysis of those scenarios, detailing their steps and information hitherto unexploited in current intrusion detection systems. The paper also details the results obtained in the evaluation process, including detection and false positive rates.

History

School

  • Mechanical, Electrical and Manufacturing Engineering

Published in

The 10th International Conference for Internet Technology and Secured Transactions (ICITST-2015)

Citation

ALMUTAIRI, A.Z., FLINT, J.A. and PARISH, D.J., 2015. Predicting multi-stage attacks based on IP information. IN: Proceedings of the 10th International Conference for Internet Technology and Secured Transactions (ICITST-2015), 14th-16th December 2015, London, pp. 384-390.

Publisher

© IEEE

Version

  • AM (Accepted Manuscript)

Acceptance date

2015-10-02

Publication date

2015

Notes

© 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Language

  • en

Location

London
