Real Time Intrusion Prediction Based on Optimized Alerts With Hidden Markov Model
Cyber attacks and malicious activities are rapidly becoming a major threat to the secure operation of organizations. Many security tools may be deployed across distributed systems to monitor all events in a network, and security managers often have to process huge numbers of alerts per day produced by such tools. Intrusion prediction is an important technique for helping response systems react properly before the network is compromised. In this paper, the authors propose a framework to predict multi-step attacks before they pose a serious security risk. A Hidden Markov Model (HMM) is used to extract the interactions between attackers and networks. Since alert correlation plays a critical role in prediction, alert severity modulated through correlation is used instead of individual alerts and their raw severity.
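As an added illustration, not code from the paper, the following toy pipeline mirrors what the abstract describes: clusters of correlated alerts are mapped to a correlation-modulated severity symbol, and a forward-filtered HMM over those symbols predicts the most likely next attack stage. The state set, the transition and emission probabilities, the severity rule and the sample alert clusters are all constructed assumptions for this example.

```python
"""Next-stage prediction for a multi-step attack from correlated alert severities.
All model parameters and alert data below are constructed for illustration."""

# Hidden attack stages and observation symbols (constructed state set).
STATES = ["benign", "recon", "exploit", "compromise"]
OBS = {"low": 0, "medium": 1, "high": 2}
# A[i][j] = P(next stage j | current stage i); B[i][k] = P(observe k | stage i).
A = [[0.85, 0.10, 0.04, 0.01], [0.20, 0.50, 0.25, 0.05],
     [0.05, 0.10, 0.45, 0.40], [0.02, 0.03, 0.15, 0.80]]
B = [[0.80, 0.15, 0.05], [0.40, 0.45, 0.15],
     [0.10, 0.40, 0.50], [0.05, 0.20, 0.75]]
PI = [0.90, 0.06, 0.03, 0.01]  # prior over stages before any alert is seen


def modulated_severity(cluster):
    """Map a cluster of correlated alerts (severities 1..5) to one observation symbol.

    Rule (an assumption for this example): the cluster inherits its highest
    individual severity, raised by one level for every two further correlated
    alerts and capped at 5, so correlated low-severity alerts weigh more than
    the same alerts seen in isolation.
    """
    boost = min((len(cluster) - 1) // 2, 2)
    effective = min(5, max(cluster) + boost)
    return "low" if effective <= 2 else "medium" if effective == 3 else "high"


def forward_filter(symbols):
    """Forward algorithm: normalised P(stage | all symbols so far) after the last symbol."""
    n = len(STATES)
    alpha = [PI[i] * B[i][OBS[symbols[0]]] for i in range(n)]
    total = sum(alpha)
    alpha = [a / total for a in alpha]
    for sym in symbols[1:]:
        k = OBS[sym]
        alpha = [sum(alpha[i] * A[i][j] for i in range(n)) * B[j][k] for j in range(n)]
        total = sum(alpha)
        alpha = [a / total for a in alpha]
    return alpha


def predict_next_stage(clusters):
    """Return (most likely next stage, its probability) for a stream of alert clusters."""
    n = len(STATES)
    alpha = forward_filter([modulated_severity(c) for c in clusters])
    nxt = [sum(alpha[i] * A[i][j] for i in range(n)) for j in range(n)]
    best = max(range(n), key=nxt.__getitem__)
    return STATES[best], nxt[best]


if __name__ == "__main__":
    # Constructed escalating stream: lone low alert, medium, then two correlated high clusters.
    print(predict_next_stage([[1], [3], [4, 2, 3], [5, 5]]))
```

With the constructed parameters, an escalating stream ends with "compromise" as the most likely next stage, while a stream of isolated low-severity alerts stays "benign".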