Cyber-Attack Prediction Based on Network Intrusion Detection Systems for Alert Correlation Techniques: A Survey

Hashim Albasheer; Maheyzah Md Siraj; Azath Mubarakali; Omer Elsier Tayfour; Sayeed Salih; Mosab Hamdan; Suleman Khan; Anazida Zainal; Sameer Kamarudeen

doi:10.3390/s22041494

Cyber-Attack Prediction Based on Network Intrusion Detection Systems for Alert Correlation Techniques: A Survey

Hashim Albasheer
, Maheyzah Md Siraj^*
, Azath Mubarakali
, Omer Elsier Tayfour
, Sayeed Salih
, Mosab Hamdan
, Suleman Khan
, Anazida Zainal
, Sameer Kamarudeen

^*Corresponding author for this work

Research output: Contribution to journal › Review article › peer-review

59 Scopus citations

Abstract

Network Intrusion Detection Systems (NIDS) are designed to safeguard the security needs of enterprise networks against cyber-attacks. However, NIDS networks suffer from several limitations, such as generating a high volume of low-quality alerts. Moreover, 99% of the alerts produced by NIDSs are false positives. As well, the prediction of future actions of an attacker is one of the most important goals here. The study has reviewed the state-of-the-art cyber-attack prediction based on NIDS Intrusion Alert, its models, and limitations. The taxonomy of intrusion alert correlation (AC) is introduced, which includes similarity-based, statistical-based, knowledge-based, and hybrid-based approaches. Moreover, the classification of alert correlation components was also introduced. Alert Correlation Datasets and future research directions are highlighted. The AC receives raw alerts to identify the association between different alerts, linking each alert to its related contextual information and predicting a forthcoming alert/attack. It provides a timely, concise, and high-level view of the network security situation. This review can serve as a benchmark for researchers and industries for Network Intrusion Detection Systems’ future progress and development.

Original language	English
Article number	1494
Journal	Sensors
Volume	22
Issue number	4
DOIs	https://doi.org/10.3390/s22041494
State	Published - 1 Feb 2022
Externally published	Yes

Bibliographical note

Publisher Copyright:
© 2022 by the authors. Licensee MDPI, Basel, Switzerland.

Keywords

Alerts correlation
Attacks prediction
Intrusion detection
Machine learning

ASJC Scopus subject areas

Analytical Chemistry
Information Systems
Atomic and Molecular Physics, and Optics
Biochemistry
Instrumentation
Electrical and Electronic Engineering

Access to Document

10.3390/s22041494

Cite this

@article{5e5b261235094337ada5aa0bf239b00f,

title = "Cyber-Attack Prediction Based on Network Intrusion Detection Systems for Alert Correlation Techniques: A Survey",

abstract = "Network Intrusion Detection Systems (NIDS) are designed to safeguard the security needs of enterprise networks against cyber-attacks. However, NIDS networks suffer from several limitations, such as generating a high volume of low-quality alerts. Moreover, 99\% of the alerts produced by NIDSs are false positives. As well, the prediction of future actions of an attacker is one of the most important goals here. The study has reviewed the state-of-the-art cyber-attack prediction based on NIDS Intrusion Alert, its models, and limitations. The taxonomy of intrusion alert correlation (AC) is introduced, which includes similarity-based, statistical-based, knowledge-based, and hybrid-based approaches. Moreover, the classification of alert correlation components was also introduced. Alert Correlation Datasets and future research directions are highlighted. The AC receives raw alerts to identify the association between different alerts, linking each alert to its related contextual information and predicting a forthcoming alert/attack. It provides a timely, concise, and high-level view of the network security situation. This review can serve as a benchmark for researchers and industries for Network Intrusion Detection Systems{\textquoteright} future progress and development.",

keywords = "Alerts correlation, Attacks prediction, Intrusion detection, Machine learning",

author = "Hashim Albasheer and Siraj, \{Maheyzah Md\} and Azath Mubarakali and Tayfour, \{Omer Elsier\} and Sayeed Salih and Mosab Hamdan and Suleman Khan and Anazida Zainal and Sameer Kamarudeen",

note = "Publisher Copyright: {\textcopyright} 2022 by the authors. Licensee MDPI, Basel, Switzerland.",

year = "2022",

month = feb,

day = "1",

doi = "10.3390/s22041494",

language = "English",

volume = "22",

journal = "Sensors",

issn = "1424-8220",

publisher = "Multidisciplinary Digital Publishing Institute (MDPI)",

number = "4",

}

TY - JOUR

T1 - Cyber-Attack Prediction Based on Network Intrusion Detection Systems for Alert Correlation Techniques

T2 - A Survey

AU - Albasheer, Hashim

AU - Siraj, Maheyzah Md

AU - Mubarakali, Azath

AU - Tayfour, Omer Elsier

AU - Salih, Sayeed

AU - Hamdan, Mosab

AU - Khan, Suleman

AU - Zainal, Anazida

AU - Kamarudeen, Sameer

PY - 2022/2/1

Y1 - 2022/2/1

N2 - Network Intrusion Detection Systems (NIDS) are designed to safeguard the security needs of enterprise networks against cyber-attacks. However, NIDS networks suffer from several limitations, such as generating a high volume of low-quality alerts. Moreover, 99% of the alerts produced by NIDSs are false positives. As well, the prediction of future actions of an attacker is one of the most important goals here. The study has reviewed the state-of-the-art cyber-attack prediction based on NIDS Intrusion Alert, its models, and limitations. The taxonomy of intrusion alert correlation (AC) is introduced, which includes similarity-based, statistical-based, knowledge-based, and hybrid-based approaches. Moreover, the classification of alert correlation components was also introduced. Alert Correlation Datasets and future research directions are highlighted. The AC receives raw alerts to identify the association between different alerts, linking each alert to its related contextual information and predicting a forthcoming alert/attack. It provides a timely, concise, and high-level view of the network security situation. This review can serve as a benchmark for researchers and industries for Network Intrusion Detection Systems’ future progress and development.

AB - Network Intrusion Detection Systems (NIDS) are designed to safeguard the security needs of enterprise networks against cyber-attacks. However, NIDS networks suffer from several limitations, such as generating a high volume of low-quality alerts. Moreover, 99% of the alerts produced by NIDSs are false positives. As well, the prediction of future actions of an attacker is one of the most important goals here. The study has reviewed the state-of-the-art cyber-attack prediction based on NIDS Intrusion Alert, its models, and limitations. The taxonomy of intrusion alert correlation (AC) is introduced, which includes similarity-based, statistical-based, knowledge-based, and hybrid-based approaches. Moreover, the classification of alert correlation components was also introduced. Alert Correlation Datasets and future research directions are highlighted. The AC receives raw alerts to identify the association between different alerts, linking each alert to its related contextual information and predicting a forthcoming alert/attack. It provides a timely, concise, and high-level view of the network security situation. This review can serve as a benchmark for researchers and industries for Network Intrusion Detection Systems’ future progress and development.

KW - Alerts correlation

KW - Attacks prediction

KW - Intrusion detection

KW - Machine learning

UR - https://www.scopus.com/pages/publications/85124471624

U2 - 10.3390/s22041494

DO - 10.3390/s22041494

M3 - Review article

C2 - 35214394

AN - SCOPUS:85124471624

SN - 1424-8220

VL - 22

JO - Sensors

JF - Sensors

IS - 4

M1 - 1494

ER -

Cyber-Attack Prediction Based on Network Intrusion Detection Systems for Alert Correlation Techniques: A Survey

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this