Abstract—With the advance on computer science technology, the attackers’ ability has continuously improved as well, and their artifices are getting more and more sophisticated. To secure the system, an intrusion detection system is usually deployed to notice the administrator when abnormal events happen. However, due to the poor quality of IDS alerts, massive quantity of alerts will hold analysts back when defending. Furthermore, it is not enough to avoid the attacking threats only knowing current crisis. With the assist of prediction, defenders can one step ahead of the attackers to increase the successful defense rate. In this paper, we propose a network attack prediction framework based on the improved attack graph. Two probability propagation functions are designed to update the probabilities for the next connected nodes. Through the pre-drawn probability attack graph, the administrator can realize all possible weak spots and attack paths in the system. Moreover, this paper provides a mapping function to map the exact alert as an evidence to the node of the attack graph to recalculate the probabilities in the attack graph and predict the most likely attacking path in the current situation.
Index Terms—Attack graph, intrusion detection system, evidence mapping, network vulnerability analysis.
Chih-Hung Wang and Ren-Wei Liou are with Department of Computer Science and Information Engineering, National Chiayi University, Chiayi, Taiwan (e-mail: wangch@mail.ncyu.edu.tw, s1040489@mail.ncyu.edu.tw).
[PDF]
Cite:Chih-Hung Wang and Ren-Wei Liou, "Attack Strategy Prediction with Precisely Estimated Probability and Evidence Mapping," Journal of Advances in Computer Networks vol. 6, no. 1, pp. 18-23, 2018.
