Title: Network event-based model using finite state machine to detect and predict insider intrusion on enterprise networks

Authors: T.N. Nisha; Dhanya Pramod

Addresses: Symbiosis Centre for Information Technology (SCIT), Symbiosis International (Deemed University) (SIU), Pune, India ' Symbiosis Centre for Information Technology (SCIT), Symbiosis International (Deemed University) (SIU), Pune, India

Abstract: Network infrastructure being the backbone of organisations, has become the preferred target for attackers. Hackers pose threat to the network architecture and target the data in storage and in transit mode. In addition to this, insiders with malicious intentions also try to exploit access, therefore organisations need to detect and deal with such attempts. In this paper, we propose a finite state machine-based attack probability detection model to detect insider attacks on enterprise network. The model consists of a knowledge-based finite state machine and a probability-based IPAM algorithm that gives high detection rates and less false positives. The approach uses a novel composition wherein the event sequences are generated for each pair of connected hosts using the state machine and then fed to probability component for further analysis and ascertaining the network safety level. The proposed approach defends the denial of service attacks and scanning probes. The model works in the lower layers of the network protocol stack and hence the detection characteristics can be easily extended to protect against new attacks.

Keywords: network security; insider attacks; DoS attack; DDoS attacks; knowledge-based anomaly detection; finite state machine; IPAM; probabilistic attack prediction.

DOI: 10.1504/IJSN.2022.127154

International Journal of Security and Networks, 2022 Vol.17 No.4, pp.269 - 283

Received: 23 Sep 2021
Accepted: 10 Jan 2022
Published online: 23 Nov 2022 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article