Design and Implementation of MAAM for Analyzing Attacks in Distributed Network Environments

Y.-T. Kim, D.-Y. Yoo, and B.-G. No (Korea)

Keywords

Intrusion Detection, Vulnerability, Attack Analysis, IDMEF, AdaBoost, Machine Learning

Abstract

In large-scale distributed network environments, automatic intrusion response is needed for easy security management and real-time dynamic response, so that the response policy can be applied flexibly according to the relevant security requirement level and the risk level of cyber attacks. In this paper, we propose MAAM (Machine learning based Attack Analysis Mechanism), which analyzes the risk level of attacks using not only the diverse and heterogeneous intrusion detection information (alerts) reported by intrusion detection systems but also the potential vulnerability information of the critical systems that cyber attacks exploit in distributed network environments. First, we utilize the IDMEF (Intrusion Detection Message Exchange Format) data model, which can represent diverse and heterogeneous alerts. Second, we construct AAK (Attack Analysis Knowledge-base) to efficiently analyze the intent of attackers and the impact of attacks. To classify the training set in AAK more exactly, the AdaBoost meta-learning technique is also used. Finally, to ensure the efficiency and accuracy of MAAM, we compare and simulate five base learners (C4.5, Decision Stump, IB1, PART and Naive Bayes) applied to the AdaBoost algorithm.
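As an added example (not code from the paper), a toy version of the MAAM pipeline in Python: an IDMEF alert is reduced to a small feature vector, joined with an assumed AAK-style asset table holding vulnerability and criticality information, and rated by AdaBoost over decision stumps (the Decision Stump base learner the abstract names). The severity encoding, the asset table and the labelled training rows are constructed for illustration.

```python
# Added example, not the paper's code: a toy MAAM-style pipeline. One IDMEF alert is mapped
# to (severity, target_vulnerable, target_critical) via an assumed AAK-style asset table, then
import math
import xml.etree.ElementTree as ET

NS = "{http://iana.org/idmef}"                             # IDMEF XML namespace (RFC 4765)
SEVERITY = {"info": 0, "low": 1, "medium": 1, "high": 2}   # assumed ordinal encoding
ASSETS = {"10.0.0.5": (1, 1), "10.0.0.9": (0, 0)}          # addr -> (vulnerable, critical)
# Constructed training rows: ((severity, vulnerable, critical), label), +1 = high risk
TRAIN = [((2, 1, 1), 1), ((2, 0, 1), 1), ((1, 1, 1), 1), ((0, 0, 0), -1), ((1, 0, 0), -1),
         ((2, 0, 0), -1), ((0, 1, 1), -1), ((1, 1, 0), -1), ((2, 1, 0), 1)]
SAMPLE_ALERT = (  # constructed IDMEF alert: high-severity event against 10.0.0.5
    '<idmef:IDMEF-Message xmlns:idmef="http://iana.org/idmef" version="1.0"><idmef:Alert>'
    '<idmef:Target><idmef:Node><idmef:Address category="ipv4-addr"><idmef:address>10.0.0.5'
    '</idmef:address></idmef:Address></idmef:Node></idmef:Target><idmef:Assessment>'
    '<idmef:Impact severity="high"/></idmef:Assessment></idmef:Alert></idmef:IDMEF-Message>')

def features_from_idmef(xml_text):   # alert + asset knowledge -> (severity, vulnerable, critical)
    root = ET.fromstring(xml_text)
    sev = root.find(f".//{NS}Impact").get("severity")
    addr = root.find(f".//{NS}address").text
    return (SEVERITY[sev],) + ASSETS.get(addr, (0, 0))

def stump(x, f, t, p):   # base learner: +p when feature f exceeds threshold t, else -p
    return p if x[f] > t else -p

def best_stump(X, y, w):   # exhaustive search for the minimum weighted-error stump
    best = None
    for f in range(len(X[0])):
        for t in sorted({x[f] for x in X}):
            for p in (1, -1):
                err = sum(wi for xi, yi, wi in zip(X, y, w) if stump(xi, f, t, p) != yi)
                if best is None or err < best[0]:
                    best = (err, f, t, p)
    return best

def train_adaboost(data, rounds=5):   # AdaBoost meta-learner over the stump base learner
    X, y = [d[0] for d in data], [d[1] for d in data]
    w, model = [1.0 / len(X)] * len(X), []
    for _ in range(rounds):
        err, f, t, p = best_stump(X, y, w)
        err = min(max(err, 1e-10), 1 - 1e-10)        # avoid log(0)
        alpha = 0.5 * math.log((1 - err) / err)      # vote weight of this stump
        model.append((alpha, f, t, p))
        w = [wi * math.exp(-alpha * yi * stump(xi, f, t, p)) for xi, yi, wi in zip(X, y, w)]
        w = [wi / sum(w) for wi in w]                # renormalise; misclassified rows gain weight
    return model

def predict(model, x):   # weighted majority vote: +1 high risk, -1 low risk
    return 1 if sum(a * stump(x, f, t, p) for a, f, t, p in model) >= 0 else -1
```

With five boosting rounds the ensemble fits all nine constructed rows, which a single stump on any one feature cannot do; the parsed sample alert is rated high risk.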
