Full Program »
Nexat: A History-Based Approach to Predict Attacker Actions
attacks. Since not all attacks are created equal, it is of
paramount importance for network administrators to be aware
of the status of the network infrastructure, the relevance
of each attack with respect to the goals of the organization
under attack, and also the most likely next steps of the
attackers. In particular, the last capability, attack
prediction, is of the most importance and value to the
network administrators, as it enables them to provision the
required actions to stop the attack and/or minimize its
damage to the network's assets.
Unfortunately, the existing approaches to attack prediction
either provide limited useful information or are too
complex to scale to the real-world scenarios.
In this paper, we present a novel approach to the prediction
of the actions of the attackers. Our approach uses machine
learning techniques to learn the historical behavior of
attackers and then, at the run time, leverages this
knowledge in order to produce an estimate of the likely
future actions of the attackers. We implemented our approach
in a prototype tool, called Nexat, and validated its
accuracy leveraging a dataset from a hacking competition.
The evaluations shows that Nexat is able to predict the next
steps of attackers with very high accuracy. In addition,
Nexat requires little computational resources and can be run
in real-time for instant prediction of the attacks.
Author(s):
Amir Houmansadr
University of Illinois at Urbana-Champaign
United States
Ali Zand
UCSB
United States
Casey Cipriano
UCSB
United States
Giovanni Vigna
UCSB
United States
Christopher Kruegel
UCSB
United States