Loughborough University

Loughborough University Institutional Repository

Please use this identifier to cite or link to this item: https://dspace.lboro.ac.uk/2134/34219

Title: Multi-stage attack detection using contextual information
Authors: Kyriakopoulos, Konstantinos G.
Aparicio-Navarro, Francisco J.
Ghafir, Ibrahim
Lambotharan, Sangarapillai
Chambers, Jonathon
Keywords: Contextual information
Dempster-Shafer theory
Fuzzy cognitive maps
Intrusion detection system
MultiStage attack
Network security
Pattern-of-life
Point of entry
Issue Date: 2018
Publisher: © IEEE
Citation: KYRIAKOPOULOS, K.G. ...et al., 2018. Multi-stage attack detection using contextual information. Presented at IEEE Military Communications Conference (MILCOM 2018), Los Angeles, October 29 - 31st, pp. 920-925.
Abstract: The appearance of new forms of cyber-threats, such as Multi-Stage Attacks (MSAs), creates new challenges to which Intrusion Detection Systems (IDSs) need to adapt. An MSA is launched in multiple sequential stages, which may not be malicious when implemented individually, making the detection of MSAs extremely challenging for most current IDSs. In this paper, we present a novel IDS that exploits contextual information in the form of Pattern-of-Life (PoL), and information related to expert judgment on the network behaviour. This IDS focuses on detecting an MSA, in real-time, without a previous training process. The main goal of the MSA is to create a Point of Entry (PoE) to a target machine, which could be used as part of an APT-like attack. Our results verify that the use of contextual information improves the efficiency of our IDS by enhancing the detection rate of MSAs in real-time by 58%.
Description: © 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Sponsor: This work was supported by the Engineering and Physical Sciences Research Council (EPSRC) Grant number EP/K014307/2 and the MOD University Defence Research Collaboration in Signal Processing, and by the British Council UK-Gulf Institutional Link Grant and the EPSRC Grant numbers EP/R006385/1 and EP/R006377/1.
Version: Accepted for publication
DOI: 10.1109/MILCOM.2018.8599708
URI: https://dspace.lboro.ac.uk/2134/34219
Publisher Link: https://doi.org/10.1109/MILCOM.2018.8599708
ISBN: 9781538671856
ISSN: 2155-7586
Appears in Collections: Conference Papers and Presentations (Mechanical, Electrical and Manufacturing Engineering)

Files associated with this item:

File: Multi-Stage Attack Detection Using Contextual Information.pdf
Description: Accepted version
Size: 1.07 MB
Format: Adobe PDF

 

