Enhancing Multi-Step Attack Prediction using Hidden Markov Model and Naive Bayes

摘要

Attacks that occur in a series of stages are termed as Multi-stage attacks. These attacks follow a path, wherein each stage is an attack in itself. Traditional Intrusion Detection Systems (IDS) are less capable of predicting such attacks. In this paper, Machine Learning models have been built that are most widely used and ideal for prediction. These two models are the Hidden Markov Model (HMM) and Naive Bayes. These models are built using the famous KDDCUP'99 network intrusion dataset. The paper also proposes a multi-stage Naive Bayes architecture that predicts each stage of the multi-stage attack scenario. The paper does a comparative study of these two models based on the accuracy of prediction. Experiments carried out in this research prove HMMs to give higher accuracy compared to Naive Bayes.