Use of Machine Learning Algorithms with SIEM for Attack Prediction

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 308)

Abstract

In recent years, organizations have faced the ever-growing challenge of securing their network infrastructure. An intrusion detection system is essentially a spruced-up, intelligent variant of a firewall that performs deep packet analysis and generates alerts, but it cannot predict multistep attacks. In this work, we propose an intrusion prediction system (IPS) built as an extension of a commercial SIEM framework, namely Open Source Security Information Management (OSSIM), to perform event analysis and to predict probable future multistep attacks before they pose a serious security risk. A security information and event management (SIEM) framework supports network protection through the correlation and management of network log files. Data mining techniques are used to process all of the normalized data from OSSIM and to perform classification.

Keywords

SIEM, OSSIM, RapidMiner, SVM, Network log files

Copyright information

© Springer India 2015

Authors and Affiliations

TIFAC Core in Cyber Security, Amrita Vishwa Vidyapeetham, Coimbatore, India