Performance Assessment of Network Intrusion-Alert Prediction
Khong, Farn Wei Jason
Darken, Christian J.
Rowe, Neil C.
Tan, Kian-Moh Terence
MetadataShow full item record
In the current global cyber warfare landscape, cyber attacks on infrastructure are a serious threat. Although network administrators use intrusion detection systems (IDSs) to detect threats and anomalies, they usually only offer post-attacks alerts. If we could predict malicious activities, we could allow network administrators or security enhancing software to take appropriate actions in advance of damage occurring. Incoming intrusion detection alerts can be considered as a sequence. We used Pytbull to simulate cyber attacks within a testbed network environment and collected Snort generated intrusion detection alerts. We tested four sets of alert-prediction programs with this data Single-Scope Blending algorithm, a Simple Bayesian Mixture algorithm, a Multiple Simple Bayesian algorithm and a Variable Markov Model algorithm. The harmonic mean of the precision and recall (F-score) measured prediction accuracy. The Single-Scope Blending algorithm performed the best in these tests, especially in a multiple attacker environment.
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
Rhoden, Christopher A. (Monterey, California. Naval Postgraduate School, 1994-06);The Simplex algorithm, developed by George B. Dantzig in 1947 represents a quantum leap in the ability of applied scientists to solve complicated linear optimization problems. Subsequently, its utility in solving finite ...
Huang, Jo-Wen (Monterey, California: Naval Postgraduate School, 2017-06);With the development and advancement in the technology of control and multi-robot systems, robot agents are likely to take over mine countermeasure (MCM) missions one day. The path planning coverage algorithm is an essential ...
Zyda, Michael J. (Monterey, California. Naval Postgraduate School, 1984-09); NPS-52-84-013We present in this study the architectural specification and feasibility determination for a real-time contour display generator. We begin by examining a recently reported, highly decomposable algorithm for contour surface ...