Lookup NU author(s): Dr Francisco Aparicio Navarro, Professor Jonathon Chambers
This is the authors' accepted manuscript of a conference proceedings (inc. abstract) that has been published in its final definitive form by IEEE, 2018.
For re-use rights please refer to the publisher's terms and conditions.
© 2018 IEEE. The appearance of new forms of cyber-threats, such as Multi-Stage Attacks (MSAs), creates new challenges to which Intrusion Detection Systems (IDSs) need to adapt. An MSA is launched in multiple sequential stages, which may not be malicious when implemented individually, making the detection of MSAs extremely challenging for most current IDSs. In this paper, we present a novel IDS that exploits contextual information in the form of Pattern-of-Life (PoL), and information related to expert judgment on the network behaviour. This IDS focuses on detecting an MSA, in real-time, without a previous training process. The main goal of the MSA is to create a Point of Entry (PoE) to a target machine, which could be used as part of an Advanced Persistent Threat (APT)-like attack. Our results verify that the use of contextual information improves the efficiency of our IDS by enhancing the detection rate of MSAs in real-time by 58%.
Author(s): Aparicio-Navarro FJ, Kyriakopoulos KG, Ghafir I, Lambotharan S, Chambers JA
Publication type: Conference Proceedings (inc. Abstract)
Publication status: Published
Conference Name: IEEE Military Communications Conference (MILCOM 2018)
Year of Conference: 2018
Online publication date: 03/01/2019
Acceptance date: 02/04/2018
Date deposited: 28/02/2019