Morwilog: an ACO-based system for outlining multi-step attacks

  title={Morwilog: an ACO-based system for outlining multi-step attacks},
  author={Julio Navarro-Lara and Aline Deruyver and Pierre Parrend},
  journal={2016 IEEE Symposium Series on Computational Intelligence (SSCI)},
Threat detection is one of the basic mechanisms for protecting a network, as prevention does not suffice. Finding an attack is difficult because the most harmful ones are specially prepared against a specific victim and crafted for the first time. The contribution of a human expert is still needed for their detection, no matter how effective automatic methods used nowadays can appear. Moreover, in many occasions intrusions can only be efficiently detected by analyzing its effects on more than… 

Figures and Tables from this paper

OMMA: open architecture for Operator-guided Monitoring of Multi-step Attacks
This paper proposes OMMA (Operator-guided Monitoring of Multi-step Attacks), an open and collaborative engineering system which offers a platform to integrate the methods developed by the multi-step attack detection research community, and incorporates real-time feedback from human experts, so the integrated methods can improve their performance through a learning process.
The parameter optimization based on LVPSO algorithm for detecting multi-step attacks
A novel LVPSO-HMM algorithm based on variable length particle swarm optimization, which can optimize the number of attack states when the attacks state is unknown and it can make the model parameters converge to a global optimal solution.
Foundations and applications of artificial Intelligence for zero-day and multi-step attack detection
This review proposes a comprehensive framework for addressing the challenge of characterising novel complex threats and relevant counter-measures in the field of intrusion detection, which is typically performed online, and security investigation, performed offline.
HuMa: A Multi-layer Framework for Threat Analysis in a Heterogeneous Log Environment
The HuMa framework for detailed and reliable analysis of large amounts of data for security purposes is proposed and an evaluation of the contribution of the context and attack pattern layer to security investigation is provided.
Artificial Immune Ecosystems: the role of expert-based learning in artificial cognition
This research effort intends to revisit the contribution of artificial immune system research to bring immune properties: security, resilience, distribution, memory, into IT infrastructures by enriching the cognitive process with expert-based learning for reinforcement, classification and investigation.
Dealing with Security Alert Flooding: Using Machine Learning for Domain-independent Alert Aggregation
A domain-independent alert aggregation technique that introduces similarity measures and merging strategies for arbitrary semi-structured alerts and alert groups and proposes an incremental procedure for the generation of abstract alert patterns that enable continuous classification of incoming alerts.
For a refoundation of Artificial Immune System research: AIS is a Design Pattern
This work strongly believes that building efficient immune systems require going back to the source of immune model analysis: the work of Francesco Varela on cognitive sciences and the need for a shift of cognitive analysis towards enactement.
Review on Intelligent Algorithms for Cyber Security
The implementation of intelligent algorithms in encountering the wide range of cyber security problems is surveyed, namely, nature-inspired computing (NIC) paradigms, machine learning algorithms, and deepLearning algorithms, based on exploratory analyses to identify the advantages of employing in enhancing cyber security techniques.
Trusting Machine Learning Algorithms in Predicting Malicious Nodes Attacks
Simulated datasets are used to create different possible scenarios for IoT data labeled with malicious and non-malicious nodes and off a shelf machine learning algorithm for malicious node detection is tested.


Agent based Parallelized Intrusion Detection System using Ant Colony Optimization
This paper presents an Ant Colony Optimization based intrusion detection system that uses agents to perform the process of detection, storage and monitoring, and the workload of the detection system is reduced considerably, providing faster results.
DIDS Using Cooperative Agents Based on Ant Colony Clustering
A multi-agent architecture for a distributed intrusion detection system (DIDS) based on ant-colony clustering (ACC) is proposed, for recognizing new and coordinated attacks, handling large data traffic, synchronization, co-operation between components without the presence of centralized computation, and good detection performance in real-time with immediate alarm notification.
Automatic Rule Generation Based on Genetic Programming for Event Correlation
This paper presents a novel approach for automatic generation of security event correlation rules based on Genetic Programming which has been already used at sensor level and poses an optimization challenge in the design of such correlation engine.
MARS: Multi-stage Attack Recognition System
The limitations of the current techniques are identified and a framework for alert correlation that overcomes these shortcomings is proposed and an improved “cause and effect” model will be presented cooperating with statistical model to achieve higher detection rate with minimum false positives.
Real-time attack scenario detection via intrusion detection alert correlation
  • Z. Zali, M. Hashemi, H. Saidi
  • Computer Science
    2012 9th International ISC Conference on Information Security and Cryptology
  • 2012
A new IDS alert correlation method to detect attack scenarios in real-time based on causal approach due to the strength of causal methods in practice and its efficiency with respect to the run time is shown.
An iterative alert correlation method for extracting network intrusion scenarios
This paper provides a Bayesian network based alert correlation approach that is able to discover attack strategies without need to expert knowledge and tries to eliminate redundant relationships in a detected attack scenario.
Defense on the Move: Ant-Based Cyber Defense
The authors' mobile resilient defense, Ant-Based Cyber Defense (ABCD), is a set of roaming, bio-inspired, digital-ant agents working with stationary agents in a hierarchy headed by a human supervisor that provides a resilient, extensible, and flexible defense that can scale to large, multi-enterprise infrastructures such as the smart electric grid.