Ourston et al., 2003 - Google Patents
Applications of hidden Markov models to detecting multi-stage network attacks
Document ID
- 3993197830952176838
- Author
- Ourston D
- Matzner S
- Stump W
- Hopkins B
- Publication year
- 2003
- Publication venue
- Proceedings of the 36th Annual Hawaii International Conference on System Sciences, 2003
Snippet
This paper describes an approach using hidden Markov models (HMM) to detect complex Internet attacks. These attacks consist of several steps that may occur over an extended period of time. Within each step, specific actions may be interchangeable. A perpetrator may …
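The snippet above is all the page gives of the method, so the following is an added illustration, not code from Ourston et al. and not their model or parameters: a small left-to-right HMM whose hidden states are attack stages and whose observations are categorised sensor events. The stage names, event labels, probabilities and the three event streams are all constructed for this example. Viterbi decoding recovers the stage sequence; because interchangeable actions within a step share one state, swapping their order (SEQ_A versus SEQ_B) gives the same decoded path, and the self-loop on each state lets a stage absorb any number of events, which is how a step stretched over a long period is represented once the stream is reduced to ordered events.

```python
import math

# Added example (not from Ourston et al.): a left-to-right HMM whose hidden
# states are attack stages and whose observations are categorised events from
# a sensor stream. Stage names, event names and all probabilities below are
# constructed for illustration; the paper's model is not reproduced here.

STATES = ["normal", "recon", "access", "escalate", "exfil"]

# Initial distribution: almost every sequence starts in benign activity.
START_P = {"normal": 0.9, "recon": 0.1}

# Transitions: self-loops let a stage absorb any number of events (a step
# lasting hours or days is just a long run in one state); forward edges encode
# the expected stage order; each attack stage can fall back to normal if the
# intruder stops or the sensor loses sight of them.
TRANS_P = {
    "normal":   {"normal": 0.95, "recon": 0.05},
    "recon":    {"recon": 0.6, "access": 0.3, "normal": 0.1},
    "access":   {"access": 0.5, "escalate": 0.4, "normal": 0.1},
    "escalate": {"escalate": 0.5, "exfil": 0.4, "normal": 0.1},
    "exfil":    {"exfil": 0.7, "normal": 0.3},
}

# Emissions: the events a stage can produce. Interchangeable actions within a
# step (port scan vs. banner grab, exploit vs. shell spawn) share a state, so
# their order does not matter to the decoder. "normal" emits attack-like
# events with low probability so a lone scan is not an intrusion by itself.
EMIT_P = {
    "normal": {"web_browse": 0.5, "dns": 0.4, "port_scan": 0.02, "banner_grab": 0.02,
               "exploit_attempt": 0.01, "shell_spawn": 0.01, "new_admin": 0.01,
               "cred_dump": 0.01, "large_upload": 0.01, "tunnel": 0.01},
    "recon":    {"port_scan": 0.45, "banner_grab": 0.45, "dns": 0.05, "web_browse": 0.05},
    "access":   {"exploit_attempt": 0.5, "shell_spawn": 0.5},
    "escalate": {"new_admin": 0.5, "cred_dump": 0.5},
    "exfil":    {"large_upload": 0.5, "tunnel": 0.5},
}

EPS = 1e-9  # floor for unlisted transitions/emissions so log() never sees 0


def _log(p):
    return math.log(p if p > 0 else EPS)


def viterbi(obs):
    """Most likely stage sequence for an ordered list of event labels.

    Returns (path, log_prob). Unknown event labels get the EPS floor under
    every state instead of crashing the decoder.
    """
    if not obs:
        return [], 0.0
    # delta[t][s]: log prob of best path ending in s at t; back[t][s]: argmax
    delta = [{s: _log(START_P.get(s, 0.0)) + _log(EMIT_P[s].get(obs[0], 0.0))
              for s in STATES}]
    back = [{}]
    for t in range(1, len(obs)):
        cur, ptr = {}, {}
        for s in STATES:
            prev, score = max(
                ((p, delta[t - 1][p] + _log(TRANS_P[p].get(s, 0.0))) for p in STATES),
                key=lambda x: x[1])
            cur[s] = score + _log(EMIT_P[s].get(obs[t], 0.0))
            ptr[s] = prev
        delta.append(cur)
        back.append(ptr)
    last = max(STATES, key=lambda s: delta[-1][s])
    path = [last]
    for t in range(len(obs) - 1, 0, -1):
        path.append(back[t][path[-1]])
    path.reverse()
    return path, delta[-1][last]


def forward_logprob(obs):
    """log P(obs) under the model (forward algorithm in log space); obs non-empty."""
    alpha = {s: _log(START_P.get(s, 0.0)) + _log(EMIT_P[s].get(obs[0], 0.0))
             for s in STATES}
    for o in obs[1:]:
        nxt = {}
        for s in STATES:
            terms = [alpha[p] + _log(TRANS_P[p].get(s, 0.0)) for p in STATES]
            m = max(terms)
            nxt[s] = (m + math.log(sum(math.exp(x - m) for x in terms))
                      + _log(EMIT_P[s].get(o, 0.0)))
        alpha = nxt
    m = max(alpha.values())
    return m + math.log(sum(math.exp(v - m) for v in alpha.values()))


def furthest_stage(obs):
    """Deepest attack stage the decoder believes was reached (alerting signal)."""
    path, _ = viterbi(obs)
    return max(path, key=STATES.index) if path else "normal"


# Constructed event streams (not real sensor data). B is A with the actions
# inside each step swapped; both decode to the same stage path.
SEQ_A = ["web_browse", "dns", "port_scan", "banner_grab",
         "exploit_attempt", "shell_spawn", "new_admin", "large_upload"]
SEQ_B = ["dns", "web_browse", "banner_grab", "port_scan",
         "shell_spawn", "exploit_attempt", "cred_dump", "tunnel"]
SEQ_BENIGN = ["web_browse", "dns", "dns", "web_browse"]

if __name__ == "__main__":
    for name, seq in (("A", SEQ_A), ("B", SEQ_B), ("benign", SEQ_BENIGN)):
        path, lp = viterbi(seq)
        print(name, furthest_stage(seq), round(lp, 2), path)
```

In a real deployment the transition and emission tables would be estimated from labelled traces (Baum-Welch or supervised counts) rather than hand-set, events must be grouped per attacker or source and time-ordered before decoding, and the fixed EPS floor stands in for proper smoothing; the forward log-likelihood is the quantity to threshold if the goal is a single attack score rather than a decoded stage path.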
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING; COUNTING
    - G06K—RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
      - G06K9/00—Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
        - G06K9/62—Methods or arrangements for recognition using electronic means
          - G06K9/6217—Design or setup of recognition systems and techniques; Extraction of features in feature space; Clustering techniques; Blind source separation
          - G06K9/6267—Classification techniques
            - G06K9/6279—Classification techniques relating to the number of classes
    - G06F—ELECTRICAL DIGITAL DATA PROCESSING
      - G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
        - G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
      - G06F19/00—Digital computing or data processing equipment or methods, specially adapted for specific applications
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/55—Detecting local intrusion or implementing counter-measures
    - G06N—COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
      - G06N99/00—Subject matter not provided for in other groups of this subclass
        - G06N99/005—Learning machines, i.e. computer in which a programme is changed according to experience gained by the machine itself during a complete run
    - G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
      - G06Q10/00—Administration; Management
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
            - H04L63/1416—Event detection, e.g. attack signature detection
            - H04L63/1425—Traffic logging, e.g. anomaly detection
Similar Documents
Publication | Title |
---|---|
Ourston et al. | Applications of hidden Markov models to detecting multi-stage network attacks |
US10848508B2 (en) | Method and system for generating synthetic feature vectors from real, labelled feature vectors in artificial intelligence training of a big data machine to defend |
Nkiama et al. | A subset feature elimination mechanism for intrusion detection system |
Ektefa et al. | Intrusion detection using data mining techniques |
US20050144480A1 (en) | Method of risk analysis in an automatic intrusion response system |
CN110198303A (en) | Threaten the generation method and device, storage medium, electronic device of information |
CN115987544A (en) | Network security threat prediction method and system based on threat intelligence |
Gupta | An effective model for anomaly IDS to improve the efficiency |
EP4024252B1 (en) | A system and method for identifying exploited CVEs using honeypots |
Ourston et al. | Coordinated internet attacks: responding to attack complexity |
Almotairi et al. | Efficient Intrusion Detection using OptCNN-LSTM Model based on hybrid Correlation-based Feature Selection in IoMT |
CN119728202A (en) | A threat detection system based on the ATT&CK framework |
WO2018071356A1 (en) | Graph-based attack chain discovery in enterprise security systems |
Alrefaei et al. | Ensemble deep learning model based on multi-class classification technique to detect cyber attacks in IoT environment |
Novikov et al. | Artificial intelligence approaches for intrusion detection |
Leevy et al. | Feature evaluation for IoT botnet traffic classification |
Nia et al. | An efficient modeling algorithm for intrusion detection systems using C5.0 and Bayesian Network structures |
CN117544386A (en) | Deep learning-based security event processing method and system |
Turcotte et al. | Automated Alert Classification and Triage (AACT): An Intelligent System for the Prioritisation of Cybersecurity Alerts |
Bateni et al. | Alert correlation using artificial immune recognition system |
Amen et al. | Machine Learning for Multiple Stage Phishing URL Prediction |
Amora et al. | AI-Driven Real-Time Severity Prediction for Cyber Attacks using Machine Learning |
CN113468555A (en) | Method, system and device for identifying client access behavior |
Venosa et al. | A better infected hosts detection combining ensemble learning and threat intelligence |
Kumar et al. | Advance Threat Detection Using Machine Learning Techniques With SSH Honeypot: An Integrated Approach |