Annual Computer Security Applications Conference 2011 Technical Track Papers

Nexat: A History-Based Approach to Predict Attacker Actions

Computer networks are constantly being targeted by different
attacks. Since not all attacks are created equal, it is of
paramount importance for network administrators to be aware
of the status of the network infrastructure, the relevance
of each attack with respect to the goals of the organization
under attack, and also the most likely next steps of the
attackers. In particular, the last capability, attack
prediction, is of the greatest importance and value to
network administrators, as it enables them to provision the
required actions to stop the attack and/or minimize its
damage to the network's assets.

Unfortunately, the existing approaches to attack prediction
either provide limited useful information or are too
complex to scale to real-world scenarios.


In this paper, we present a novel approach to the prediction
of the actions of attackers. Our approach uses machine
learning techniques to learn the historical behavior of
attackers and then, at run time, leverages this
knowledge to produce an estimate of the likely
future actions of the attackers. We implemented our approach
in a prototype tool, called Nexat, and validated its
accuracy using a dataset from a hacking competition.
The evaluation shows that Nexat is able to predict the next
steps of attackers with very high accuracy. In addition,
Nexat requires few computational resources and can be run
in real time for instant prediction of attacks.

Author(s):

Amir Houmansadr    
University of Illinois at Urbana-Champaign
United States

Ali Zand    
UCSB
United States

Casey Cipriano    
UCSB
United States

Giovanni Vigna    
UCSB
United States

Christopher Kruegel    
UCSB
United States

 
