Abstract
This paper proposes an intrusion prediction system in which network log file entries are used to predict attacks. Good filtering and classification techniques help to process huge amounts of data and to find patterns of anomalies pertaining to network attacks. The techniques used in this paper are the Naive Bayes and cost-sensitive AdaBoost learning algorithms. The network log files obtained from network devices such as IDSs and firewalls are collected, normalized and correlated with the help of the AlienVault SIEM, and the fields that are important for classification are extracted. Next, the training data is classified with the help of Naive Bayes, and the misclassified entries are passed on to a cost-sensitive variant of AdaBoost, by which the classification rate is improved. With the help of this training data the system then creates an attack model, with which it predicts whether or not an attack is about to happen.
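The two-stage pipeline the abstract describes (a Naive Bayes classifier over extracted log fields, whose misclassified training entries are re-weighted by a cost-sensitive AdaBoost) as an added worked example; this is not the paper's code, and the log entries, field names, cost factor and the simplified AdaC2-style weight update are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed, already-normalized log entries (not from the paper): the fields a SIEM
# would extract, plus a label (1 = attack, 0 = benign). RAW[3] is an attack that looks
# like ordinary web traffic except for a bad source reputation.
FIELDS = ("proto", "dport", "event", "src_rep")
RAW = [("tcp", "22", "auth_fail", "good", 1), ("tcp", "22", "auth_fail", "good", 1),
       ("tcp", "445", "smb_scan", "bad", 1), ("tcp", "80", "http_get", "bad", 1),
       ("tcp", "80", "http_get", "good", 0), ("tcp", "80", "http_get", "good", 0),
       ("tcp", "80", "http_get", "good", 0), ("tcp", "80", "http_get", "good", 0),
       ("udp", "53", "dns_query", "good", 0)]
RECORDS = [(dict(zip(FIELDS, r[:4])), r[4]) for r in RAW]

def train_nb(records, weights):
    """Weighted categorical Naive Bayes with Laplace smoothing; returns predict(x)."""
    class_w, cond, values = Counter(), defaultdict(Counter), defaultdict(set)
    for (x, y), w in zip(records, weights):
        class_w[y] += w
        for f, v in x.items():
            cond[(y, f)][v] += w
            values[f].add(v)
    total = sum(class_w.values())
    def log_posterior(x, y):                  # smoothed log prior + log likelihoods
        lp = math.log((class_w[y] + 1) / (total + 2))
        for f, v in x.items():
            lp += math.log((cond[(y, f)][v] + 1) / (class_w[y] + len(values[f])))
        return lp
    return lambda x: max((0, 1), key=lambda y: log_posterior(x, y))

def misclassified(records, predict):
    """Indices of training entries the classifier gets wrong (what stage two receives)."""
    return [i for i, (x, y) in enumerate(records) if predict(x) != y]

def cost_sensitive_adaboost(records, rounds=3, cost_attack=2.0):
    """AdaBoost over Naive Bayes learners, combined by alpha-weighted vote; a missed
    attack is up-weighted cost_attack times more than a false alarm (AdaC2-like, assumed)."""
    n, w, ensemble = len(records), [1.0] * len(records), []   # weights sum to n
    for _ in range(rounds):
        h = train_nb(records, w)
        err = sum(w[i] for i in misclassified(records, h)) / n
        err = min(max(err, 1e-9), 1 - 1e-9)   # keep the log finite on a perfect round
        alpha = 0.5 * math.log((1 - err) / err)
        ensemble.append((alpha, h))
        for i, (x, y) in enumerate(records):
            cost = cost_attack if y == 1 else 1.0
            w[i] *= math.exp(alpha) * cost if h(x) != y else math.exp(-alpha)
        scale = n / sum(w)
        w = [wi * scale for wi in w]
    return lambda x: 1 if sum(a * (1 if h(x) else -1) for a, h in ensemble) > 0 else 0
```

On this sample the first-stage Naive Bayes misses only the disguised attack (RAW[3]); after three cost-sensitive rounds the ensemble classifies every training entry correctly.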
Copyright information
© 2015 Springer International Publishing Switzerland
Cite this paper
Menon, R.P. (2015). Log Analysis Based Intrusion Prediction System. In: Satapathy, S., Govardhan, A., Raju, K., Mandal, J. (eds) Emerging ICT for Bridging the Future - Proceedings of the 49th Annual Convention of the Computer Society of India (CSI) Volume 1. Advances in Intelligent Systems and Computing, vol 337. Springer, Cham. https://doi.org/10.1007/978-3-319-13728-5_46
DOI: https://doi.org/10.1007/978-3-319-13728-5_46
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-13727-8
Online ISBN: 978-3-319-13728-5
eBook Packages: Engineering, Engineering (R0)