Evaluation of HMM-Based Network Intrusion Detection System for Multiple Multi-Stage Attacks

2020 
With the explosive growth of network security threats, there is a dire need to build secure network systems. In this article, we address the challenges of modeling and detecting advanced network attacks. In particular, we investigate how interleaving multiple multi-stage attacks can exacerbate the stealthiness of the attack and deceive network intrusion detection systems. We design a detection architecture based on a leading statistical machine learning technique, HMM. The proposed architecture deploys a set of HMM templates of recognized multi-stage attacks to detect and track the progress of stealthy attacks. Extensive simulation experiments are conducted to assess the performance of the proposed architecture for multiple multi-stage attack scenarios in the presence of imperfect partitioning of network data streams and false alerts with various rates.