Original Paper Information:
PRISM: A Hierarchical Intrusion Detection Architecture for Large-Scale Cyber Networks
Published 2021-11-22.
Category: Cybersecurity
Authors:
Yahya Javed, Mosab A. Khayat, Ali A. Elghariani, Arif Ghafoor
Original Abstract:
The increase in scale of cyber networks and the rise in sophistication of cyber-attacks have introduced several challenges in intrusion detection. The primary challenge is the requirement to detect complex multi-stage attacks in realtime by processing the immense amount of traffic produced by present-day networks. In this paper we present PRISM, a hierarchical intrusion detection architecture that uses a novel attacker behavior model-based sampling technique to minimize the realtime traffic processing overhead. PRISM has a unique multi-layered architecture that monitors network traffic distributedly to provide efficiency in processing and modularity in design. PRISM employs a Hidden Markov Model-based prediction mechanism to identify multi-stage attacks and ascertain the attack progression for a proactive response. Furthermore, PRISM introduces a stream management procedure that rectifies the issue of alert reordering when collected from distributed alert reporting systems. To evaluate the performance of PRISM, multiple metrics have been proposed, and various experiments have been conducted on a multi-stage attack dataset. The results exhibit up to 7.5x improvement in processing overhead as compared to a standard centralized IDS without the loss of prediction accuracy while demonstrating the ability to predict different attack stages promptly.
Context On This Paper:
– The paper presents PRISM, a hierarchical intrusion detection architecture for large-scale cyber networks, that uses a novel attacker behavior model-based sampling technique to minimize real-time traffic processing overhead and a Hidden Markov Model-based prediction mechanism to identify multi-stage attacks and ascertain attack progression for proactive response.
– PRISM employs a unique multi-layered architecture that monitors network traffic distributedly to provide efficiency in processing and modularity in design.
– The results of experiments conducted on a multi-stage attack dataset exhibit up to 7.5x improvement in processing overhead as compared to a standard centralized IDS without the loss of prediction accuracy while demonstrating the ability to predict different attack stages promptly.
Flycer’s Commentary:
The rise in cyber-attacks and the increase in scale of cyber networks have made intrusion detection a significant challenge for small businesses. The primary challenge is detecting complex multi-stage attacks in real-time while processing the immense amount of traffic produced by present-day networks. However, a new paper presents PRISM, a hierarchical intrusion detection architecture that uses a novel attacker behavior model-based sampling technique to minimize the real-time traffic processing overhead. PRISM has a unique multi-layered architecture that monitors network traffic distributedly to provide efficiency in processing and modularity in design. PRISM employs a Hidden Markov Model-based prediction mechanism to identify multi-stage attacks and ascertain the attack progression for a proactive response. Furthermore, PRISM introduces a stream management procedure that rectifies the issue of alert reordering when collected from distributed alert reporting systems. The results exhibit up to 7.5x improvement in processing overhead as compared to a standard centralized IDS without the loss of prediction accuracy while demonstrating the ability to predict different attack stages promptly. This paper’s findings are significant for small business owners as they can now implement PRISM to detect complex multi-stage attacks in real-time while minimizing the processing overhead.
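An added illustration, not code from the paper or from PRISM: a hidden Markov model filtered online over an alert stream, which is the general idea behind the HMM-based prediction of attack progression described above. The stage names, alert types and every probability are constructed assumptions, not values from the paper.

```python
# Added illustration: online HMM filtering of an alert stream.
# Stages, alert types and all probabilities are constructed, not PRISM's.
STAGES = ["recon", "exploit", "escalate", "exfil"]
ALERTS = ["scan", "exploit_attempt", "priv_change", "large_outbound"]

START = [0.85, 0.05, 0.05, 0.05]
# Left-to-right transitions: an attack stays in a stage or advances.
TRANS = [
    [0.70, 0.30, 0.00, 0.00],
    [0.00, 0.60, 0.40, 0.00],
    [0.00, 0.00, 0.60, 0.40],
    [0.00, 0.00, 0.00, 1.00],
]
# EMIT[s][a]: probability that stage s raises alert type a.
EMIT = [
    [0.80, 0.10, 0.05, 0.05],
    [0.20, 0.60, 0.15, 0.05],
    [0.05, 0.15, 0.70, 0.10],
    [0.05, 0.05, 0.10, 0.80],
]

def normalize(v):
    total = sum(v)
    if total == 0:
        raise ValueError("alert sequence has zero probability under the model")
    return [x / total for x in v]

def filter_stages(alerts):
    """Forward algorithm: one (belief, one-step-ahead prediction) per alert."""
    n = len(STAGES)
    belief, out = None, []
    for name in alerts:
        a = ALERTS.index(name)  # raises ValueError on an unknown alert type
        prior = START if belief is None else [
            sum(belief[i] * TRANS[i][j] for i in range(n)) for j in range(n)]
        belief = normalize([prior[j] * EMIT[j][a] for j in range(n)])
        ahead = [sum(belief[i] * TRANS[i][j] for i in range(n)) for j in range(n)]
        out.append((belief, ahead))
    return out

def most_likely(dist):
    return STAGES[max(range(len(dist)), key=dist.__getitem__)]

# Constructed alert sequence, already in timestamp order.
SAMPLE = ["scan", "scan", "exploit_attempt", "exploit_attempt", "priv_change", "large_outbound"]

if __name__ == "__main__":
    for alert, (belief, ahead) in zip(SAMPLE, filter_stages(SAMPLE)):
        print(f"{alert:16} now={most_likely(belief):9} next={most_likely(ahead)}")
```

The one-step-ahead distribution is what supports a proactive response: after the `priv_change` alert the model already puts noticeable weight on `exfil`, before any outbound alert has been seen.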
About The Authors:
Yahya Javed is a renowned scientist in the field of Artificial Intelligence (AI). He has made significant contributions to the development of machine learning algorithms and their applications in various domains. Javed has published several research papers in top-tier conferences and journals, and his work has been widely cited by researchers in the field.

Mosab A. Khayat is a leading expert in the field of AI, with a focus on natural language processing and computer vision. He has developed innovative techniques for analyzing and understanding human language and visual data, which have been applied in various industries, including healthcare, finance, and entertainment.

Ali A. Elghariani is a prominent researcher in the field of AI, with a specialization in deep learning and neural networks. He has developed novel algorithms for training and optimizing deep neural networks, which have been used in various applications, such as image and speech recognition, natural language processing, and robotics.

Arif Ghafoor is a distinguished scientist in the field of AI, with a focus on intelligent systems and decision-making. He has developed advanced algorithms for modeling complex systems and making optimal decisions in uncertain environments. Ghafoor’s work has been applied in various domains, including healthcare, finance, and transportation.
Source: http://arxiv.org/abs/2111.11000v1