Forecasting multi-stage attacks
Date of Publication
Bachelor of Science in Computer Science
College of Computer Studies
Defense Panel Member
Gregory G. Cu
Alexie Erese Ballon
Ann Franchesca B. Laguna
Multiphase attacks are known to target organizations, no matter how big or small the organization is, and even government-related networks, causing serious damage to critical infrastructure. To prevent these attacks from succeeding, the researchers must first determine whether seemingly isolated attacks are part of an organized assault and what may possibly come next. Currently there are solutions that allow systems to identify attacks based on patterns in results from live network systems. These solutions have proven to be effective at identifying newly discovered threats where signature-based approaches fail. The correlation and reporting functions of security information and event management solutions are used to help analyze data on security events. When a signature's pattern is identified, it is correlated with the other signatures to help identify a possible next phase of the multistage attack using prediction algorithms. The research has proven the possibility of forecasting the phases of multistage attacks. This is known through test results on data sets containing attacks gathered from simulations. Results from tests on data sets containing different kinds of attacks have shown that it is possible to forecast phases of multistage attacks that current security solutions are unable to address. By training a Hidden Markov model (HMM) with different multistage attack sequences, the researchers are able to predict a stage of a multistage attack. The resulting HMM's recognition rate of 33.33% shows that correlated sequences provide enough data for the models to be used in the prediction of attack stages and attack events. A theoretical analysis backed by the testing and research indicates that a multistage attack can be predicted using observations gathered from a network packet.
Archives, The Learning Commons, 12F, Henry Sy Sr. Hall
1 v. (various foliations) : illustrations (some colored) ; 28 cm.
Computer networks--Security measures; Cyberspace--Security measures.
Aldaba, A. C., Baldeo, J. U., Nufable, R. D., & Ong, A. T. (2014). Forecasting multi-stage attacks. Retrieved from https://animorepository.dlsu.edu.ph/etd_bachelors/11180