January 15, 2008
Intrusion Prediction: Keeping One Step Ahead of the Bad Guys

Trying to figure out when and where network intruders will attack next is a lot like trying to decide when weather-wise it's okay to book flight connections through Denver. You just never can tell.
Which is why the interest in the field of "intrusion prediction modeling" is picking up. Intrusion prediction uses mathematical models and algorithms to forecast what network intruders will do once they've breached a network. The method provides information about how intruders will react to certain defense systems and network architectures, letting administrators reduce the damage caused by individual attacks. The data collected through the process can help in predicting future cyber intrusions.
"The implementation of intrusion prediction into existing cybersecurity systems is believed by many experts to be the next step in elevating network defense," says Shanchieh Jay Yang, an assistant professor of computer engineering at the Rochester Institute of Technology. "By modeling how a hacker will act within a network, administrators can better create protocols to defend essential data and reduce the impact of the intrusion to the overall network."
According to what Yang recently told EE Times, intrusion prediction software first filters out false alarms and not-so-important alerts of anomalous activity. It then correlates different alert systems to the number of attackers.
As you can probably guess, there are all kinds of interesting technologies below the surface, including approaches that use genetic algorithms, neural networks, fuzzy logic, and the like (see, for instance, "Neural Network Approach for Anomaly Intrusion Detection in Adhoc Networks Using Agents").
-- Jonathan Erickson
jerickson@ddj.com
Posted by Jon Erickson at 11:31 AM