Forecasting multi-stage attacks

Date of Publication


Document Type

Bachelor's Thesis

Degree Name

Bachelor of Science in Computer Science

Subject Categories

Computer Sciences


College of Computer Studies


Computer Science

Thesis Adviser

Arlyn Ong

Defense Panel Member

Gregory G. Cu

Alexie Erese Ballon

Ann Franchesca B. Laguna


Multiphase attacks are known to target organizations, no matter how big or small is the organization, and even government related networks causing serious damage to critical infrastructure. As the need to prevent these attacks from succeeding, the researchers must first determine whether seemingly isolated attacks are part of an organized assault and what may possibly come next. Currently there are solutions that allows systems to identify attacks based on patterns from a given results from live network systems. These solutions have proven to be effective when identifying newly discovered threats where signature based approaches fail. Using the correlation and reporting functions of security information and events management solutions to help in data analysis in security events. When the signature’s pattern is identified, it is used to correlate with the other signatures and help identify a possible next phase of the multistage attack using prediction algorithms. The research has proven the possibility of forecasting multistage attacks phases. This is known through test results on data sets containing attacks gathered from simulations. Results from test results on data sets containing attacks gathered from simulations. Results from sets on datasets containing different kinds of attacks have shown that it is possible to forecast phased of multistage attacks that current security solutions are unable to address. By training a Hidden Markov model with different multistage attack sequences, the researchers are able to predict a stage of a multistage attack. The resulting HMM’s recognition rate of 33.33% shows that correlated sequences provide data enough for the models to be used in prediction of attack stages and attack events. A theoretical analysis backed by the testing and research indicates that a multistage attack can be predicted using observations gathered from a network packet.

Abstract Format






Accession Number


Shelf Location

Archives, The Learning Commons, 12F, Henry Sy Sr. Hall

Physical Description

1 v. (various foliations) : illustrations (some colored) ; 28 cm.


Computer networks--Security measures; Cyberspace--Security measures.

This document is currently not available here.