@inproceedings{2022:peshave:adma_nw_threats_hmm_ensembles,type={proceedings},doi={10.1007/978-3-030-95405-5_17},booktitle={Advanced Data Mining and Applications. ADMA 2022. Lecture Notes in Computer Science.},pages={229--240},editor={Li, Bohan and Yue, Lin and Jiang, Jing and Chen, Weitong and Li, Xue and Long, Guodong and Fang, Fei and Yu, Han},publisher={Springer International Publishing},address={Cham},isbn={978-3-030-95405-5},volume={13087},id={2022:peshave:adma_nw_threats_hmm_ensembles},year={2022},month={01},day={31},date={2022-01-31},title={Predicting Network Threat Events Using HMM Ensembles},author={Peshave, Akshay and Ganesan, Ashwinkumar and Oates, Tim},url={http://dx.doi.org/10.1007/978-3-030-95405-5_17}}
Predicting Network Threat Events Using HMM Ensembles
Peshave, Akshay; Ganesan, Ashwinkumar; Oates, Tim
Advanced Data Mining and Applications. ADMA 2022. Lecture Notes in Computer Science. 2022 January
KEYWORDS: Network Threat Prediction; Malicious Traffic Sequence Analysis; Hidden Markov Model Ensemble
ABSTRACT: Network traffic analysis, with the objective of identifying and preempting malicious campaigns, is an active area of research. An effective model that predicts future malicious network events based on observed malicious event sequences can aid with preemptive action that includes intervention by a security analyst. Predicting threat events that are part of a cybersecurity threat campaign that spans a long duration of time remains a challenge as the time lag between various steps in a campaign is unbounded. In this paper, we describe an approach to create an ensemble of Hidden Markov Models trained on sequences of malicious network events. The ensemble is used to predict the next expected malicious event given an already observed malicious traffic sequence at any network host. Ensembles of different sizes in combination with two prediction strategies are evaluated using prediction accuracy relative to two baseline predictors.
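The pipeline the abstract describes (per-host malicious-event sequences, an ensemble of HMMs, two ways of combining their next-event predictions, two baselines) as an added runnable sketch in Python. This is not the authors' code. The paper does not name its event vocabulary, its two prediction strategies or its baselines, so everything below that is specific is an assumption made here for illustration: the five-event vocabulary, the constructed campaign sequences, the two strategies (argmax of the averaged next-event distribution; majority vote over member argmaxes) and the two baselines (always the most frequent event; most frequent bigram successor of the last event).

```python
"""Next-event prediction with an ensemble of discrete HMMs. Added example, not the authors'
code: the vocabulary, synthetic sequences, combination strategies and baselines are constructed."""
import math
import random

EVENTS = ["scan", "bruteforce", "exploit", "c2", "exfil"]  # constructed event vocabulary

def normalize(row):
    z = sum(row)
    return [x / z for x in row]

def make_sequences(n, seed):
    """Constructed per-host campaigns: scan+ -> (bruteforce|exploit) -> c2+ -> [scan] -> exfil."""
    rng, seqs = random.Random(seed), []
    for _ in range(n):
        seq = ["scan"] * rng.randint(1, 3) + [rng.choice(["bruteforce", "exploit"])] + ["c2"] * rng.randint(1, 4)
        seqs.append([EVENTS.index(e) for e in seq + (["scan"] if rng.random() < 0.2 else []) + ["exfil"]])
    return seqs

class HMM:
    """Discrete-emission HMM: scaled forward/backward, Baum-Welch, next-event distribution."""
    def __init__(self, n_states, n_obs, seed):
        self.N, self.M, rng = n_states, n_obs, random.Random(seed)
        rnd = lambda k: normalize([rng.random() + 0.1 for _ in range(k)])  # random stochastic row
        self.pi, self.A, self.B = rnd(self.N), [rnd(self.N) for _ in range(self.N)], [rnd(self.M) for _ in range(self.N)]
    def forward(self, seq):
        """Scaled forward pass: alphas[t] = P(state_t | o_1..o_t); also returns log P(seq)."""
        alphas, ll = [], 0.0
        for t, o in enumerate(seq):
            a = [self.B[i][o] * (self.pi[i] if t == 0 else sum(alphas[-1][j] * self.A[j][i] for j in range(self.N)))
                 for i in range(self.N)]
            alphas.append(normalize(a))
            ll += math.log(sum(a))
        return alphas, ll
    def backward(self, seq):
        betas = [[1.0] * self.N]
        for t in range(len(seq) - 1, 0, -1):
            b = [sum(self.A[i][j] * self.B[j][seq[t]] * betas[0][j] for j in range(self.N)) for i in range(self.N)]
            betas.insert(0, normalize(b))  # per-step rescaling; the scale cancels in gamma and xi
        return betas
    def next_dist(self, seq):
        """P(next event = k | observed prefix), propagated from the filtered state posterior."""
        post = self.forward(seq)[0][-1]
        return [sum(post[j] * self.A[j][i] * self.B[i][k] for j in range(self.N) for i in range(self.N))
                for k in range(self.M)]
    def fit(self, seqs, iters=15, smooth=1e-3):
        """Baum-Welch EM over pooled sequences; pseudocounts keep every row strictly positive."""
        for _ in range(iters):
            pi_c, A_c, B_c = [smooth] * self.N, [[smooth] * self.N for _ in range(self.N)], [[smooth] * self.M for _ in range(self.N)]
            for seq in seqs:
                alphas, betas = self.forward(seq)[0], self.backward(seq)
                for t, o in enumerate(seq):
                    g = normalize([alphas[t][i] * betas[t][i] for i in range(self.N)])  # gamma_t(i)
                    for i in range(self.N):
                        B_c[i][o] += g[i]
                        pi_c[i] += g[i] if t == 0 else 0.0
                    if t + 1 < len(seq):  # xi_t(i, j), normalised over all (i, j)
                        xi = [[alphas[t][i] * self.A[i][j] * self.B[j][seq[t + 1]] * betas[t + 1][j]
                               for j in range(self.N)] for i in range(self.N)]
                        z = sum(map(sum, xi))
                        for i in range(self.N):
                            A_c[i] = [A_c[i][j] + xi[i][j] / z for j in range(self.N)]
            self.pi, self.A, self.B = normalize(pi_c), [normalize(r) for r in A_c], [normalize(r) for r in B_c]
        return self

def ensemble_predict(models, seq, strategy="avg"):
    """Assumed strategies: argmax of the averaged distribution, or majority vote (ties -> average)."""
    dists = [m.next_dist(seq) for m in models]
    avg = [sum(d[k] for d in dists) / len(dists) for k in range(len(EVENTS))]
    if strategy == "vote":
        votes = [0] * len(EVENTS)
        for d in dists:
            votes[d.index(max(d))] += 1
        return max(range(len(EVENTS)), key=lambda k: (votes[k], avg[k]))
    return avg.index(max(avg))

def baselines(train):
    """Assumed baselines: always the most frequent event; most frequent successor of the last event."""
    counts = [sum(s.count(k) for s in train) for k in range(len(EVENTS))]
    succ = [[0] * len(EVENTS) for _ in EVENTS]
    for s in train:
        for a, b in zip(s, s[1:]):
            succ[a][b] += 1
    return (lambda seq: counts.index(max(counts)),
            lambda seq: succ[seq[-1]].index(max(succ[seq[-1]])))

def evaluate(predict, seqs):
    """Next-event accuracy over every non-empty proper prefix of every sequence."""
    pairs = [(s[:t], s[t]) for s in seqs for t in range(1, len(s))]
    return sum(predict(p) == y for p, y in pairs) / len(pairs)

def run(seed=0, sizes=(3, 4, 5, 3, 4)):
    """Train one HMM per entry in `sizes` and score both ensemble strategies against the baselines."""
    train, test = make_sequences(120, seed), make_sequences(40, seed + 1)
    models = [HMM(n, len(EVENTS), seed * 1000 + k).fit(train) for k, n in enumerate(sizes)]
    predictors = dict(zip(["majority", "bigram"], baselines(train)))
    predictors["hmm_avg"] = lambda s: ensemble_predict(models, s, "avg")
    predictors["hmm_vote"] = lambda s: ensemble_predict(models, s, "vote")
    return {name: evaluate(p, test) for name, p in predictors.items()}
```

`run()` returns held-out next-event accuracy for the two baselines and both ensemble strategies; ensemble members differ in random seed and in number of hidden states, which is where an ensemble buys robustness against a single Baum-Welch fit landing in a poor local optimum. The constructed sequences contain only malicious events, matching the abstract's setting of predicting from an already-observed malicious sequence per host; on real traffic that filtering step, and the unbounded lag between campaign steps the abstract points out, are the hard parts this sketch does not address.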