Approach for Active Event Correlation for Detecting Advanced Multi-Level Cyber-Attacks

Authors

  • Dr. Kaja Masthan, Mr. Balam Suresh Kumar, Dr. B. Barani Sundaram, Dr. Balachandra Pattanaik, Mr. Elangovan B., Dr. N. Kannaiya Raja

Abstract

Many recent computer attacks have been launched in multiple stages to evade detection by current Intrusion Detection Systems (IDS). Some stages of an attack may seem innocent when examined individually. Furthermore, the intervals between these separate attack stages can be on the order of hours, days, or even months. These characteristics of multi-stage attacks make detection hard for most existing IDSs, which are stateless in that they perform intrusion detection by independently checking individual packets, connections or sessions. In this paper, we propose a novel approach, Active Event Correlation (AEC), which collects and correlates suspicious network events inside a Network Intrusion Detection System (NIDS). AEC infers the possibility of attacks in the context of security policies and blocks attacks before they are completed. We have implemented AEC on top of the Bro NIDS. Experiments indicate that AEC can effectively recognize and correlate individual stages of multi-stage attacks, stop incomplete attack stages, and give network administrators meaningful and concise alerts. In this paper, we correlate detectable suspicious events by combining complementary state-of-the-art techniques, which perform correlation along different axes.

Published

2020-02-29

Section

Articles