<p>Attack prediction is a key capability of modern intrusion detection systems, as it enables security operators to anticipate attacker behavior and proactively mitigate threats. However, accurately predicting multi-step attack scenarios remains challenging due to the diversity of attack patterns, evolving attack sequences, and the complexity of correlating heterogeneous security alerts. In this paper, we propose an alert correlation and attack prediction framework based on attack graphs and probabilistic modeling. The proposed approach constructs attack graphs from observed alerts and leverages transition probabilities to model the progression of attacker actions. By matching partial attack graphs against previously observed attack scenarios, the framework predicts plausible future attack steps and complete attack paths, together with their associated probabilities. The proposed method relies on efficient polynomial-time algorithms, making it suitable for real-time operation. Experimental evaluation on benchmark intrusion detection datasets demonstrates the effectiveness and scalability of the proposed framework in predicting attack scenarios, while maintaining low computational overhead.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Graph-based attack prediction with probabilistic correlation for real-time threat analysis

  • Ouissem Ben Fredj,
  • Omar Cheikhrouhou

摘要

Attack prediction is a key capability of modern intrusion detection systems, as it enables security operators to anticipate attacker behavior and proactively mitigate threats. However, accurately predicting multi-step attack scenarios remains challenging due to the diversity of attack patterns, evolving attack sequences, and the complexity of correlating heterogeneous security alerts. In this paper, we propose an alert correlation and attack prediction framework based on attack graphs and probabilistic modeling. The proposed approach constructs attack graphs from observed alerts and leverages transition probabilities to model the progression of attacker actions. By matching partial attack graphs against previously observed attack scenarios, the framework predicts plausible future attack steps and complete attack paths, together with their associated probabilities. The proposed method relies on efficient polynomial-time algorithms, making it suitable for real-time operation. Experimental evaluation on benchmark intrusion detection datasets demonstrates the effectiveness and scalability of the proposed framework in predicting attack scenarios, while maintaining low computational overhead.