Time series analyses for forecasting network intrusions

摘要

Intrusion Detection Systems are fast-growing techniques for monitoring and garnering electronic evidences about suspicious activities that signify threats to computer systems. Generally, these mechanisms overwhelmingly describe and record patterns of suspicious packets as alerts in the form of intrusion logs. Thereafter, analysts must subsequently validate the content of each intrusion log to ascertain the validity of each alert. Secondly, high level of expertise is required to discern each alert. However, more time and resources are unduly spent at the expense of countermeasures that ought to be proactively initiated to thwart attacks in progress. Accordingly, TSA-Log analyzer that uses a computationally fast technique and a uniform baseline to determine patterns of intrusions is proposed in this paper. Validations that are carried out on five publicly available datasets demonstrate that propagation strategies of intrusions, efficient countermeasures and the extent of similarity of intrusions can be forecasted giving the knowledge of the patterns of alerts in intrusion logs.