Toggle Main Menu Toggle Search

Open Access padlockePrints

Multi-Stage Attack Detection Using Contextual Information

Lookup NU author(s): Dr Francisco Aparicio NavarroORCiD, Professor Jonathon Chambers



This is the authors' accepted manuscript of a conference proceedings (inc. abstract) that has been published in its final definitive form by IEEE, 2018.

For re-use rights please refer to the publisher's terms and conditions.


© 2018 IEEE. The appearance of new forms of cyber-threats, such as Multi-Stage Attacks (MSAs), creates new challenges to which Intrusion Detection Systems (IDSs)need to adapt. An MSA is launched in multiple sequential stages, which may not be malicious when implemented individually, making the detection of MSAs extremely challenging for most current IDSs. In this paper, we present a novel IDS that exploits contextual information in the form of Pattern-of-Life (PoL), and information related to expert judgment on the network behaviour. This IDS focuses on detecting an MSA, in real-time, without previous training process. The main goal of the MSA is to create a Point of Entry (PoE)to a target machine, which could be used as part of an Advanced Persistent Threat (APT)like attack. Our results verify that the use of contextual information improves the efficiency of our IDS by enhancing the detection rate of MSAs in real-time by 58%.

Publication metadata

Author(s): Aparicio-Navarro FJ, Kyriakopoulos KG, Ghafir I, Lambotharan S, Chambers JA

Publication type: Conference Proceedings (inc. Abstract)

Publication status: Published

Conference Name: IEEE Military Communications Conference (MILCOM 2018)

Year of Conference: 2018

Pages: 920-925

Online publication date: 03/01/2019

Acceptance date: 02/04/2018

Date deposited: 28/02/2019

ISSN: 2155-7586

Publisher: IEEE


DOI: 10.1109/MILCOM.2018.8599708

Library holdings: Search Newcastle University Library for this item

ISBN: 9781538671856