CR · AI · Jun 3, 2021

Attack Prediction using Hidden Markov Model

arXiv:2106.02012v1
AI Analysis

This work addresses the need for effective defense systems in cybersecurity by enabling attack prediction, though it appears incremental as it applies an existing HMM method to a specific domain.

The authors tackled the problem of predicting adversarial attack families by proposing a Hidden Markov Model (HMM) approach, which uses log file observations and the Viterbi algorithm to generate attack state sequences, with a case study on Action Spoofing attacks demonstrating its performance.

It is important to predict any adversarial attacks and their types to enable effective defense systems. Often it is hard to label such activities as malicious ones without adequate analytical reasoning. We propose the use of a Hidden Markov Model (HMM) to predict the family of related attacks. Our proposed model is based on the observations often agglomerated in the form of log files and from the target or the victim's perspective. We have built an HMM-based prediction model and implemented our proposed approach using the Viterbi algorithm, which generates a sequence of states corresponding to stages of a particular attack. As a proof of concept and also to demonstrate the performance of the model, we have conducted a case study on predicting a family of attacks called Action Spoofing.
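The decoding step the abstract describes, as an added example that is not code from the paper: Viterbi in log space over victim-side log-event categories, returning the most likely sequence of attack stages. The stage names, event categories, probabilities and sample log are all constructed assumptions; the paper's own states and parameters are not given on this page.

```python
import math

# Hypothetical hidden states (attack stages) and observation symbols (log-event
# categories). Every name and probability here is constructed for illustration.
STATES = ["benign", "recon", "lure", "action"]
START = {"benign": 0.85, "recon": 0.10, "lure": 0.04, "action": 0.01}
TRANS = {
    "benign": {"benign": 0.90, "recon": 0.08, "lure": 0.01, "action": 0.01},
    "recon":  {"benign": 0.10, "recon": 0.60, "lure": 0.28, "action": 0.02},
    "lure":   {"benign": 0.05, "recon": 0.05, "lure": 0.50, "action": 0.40},
    "action": {"benign": 0.20, "recon": 0.05, "lure": 0.05, "action": 0.70},
}
EMIT = {
    "benign": {"normal": 0.90, "probe": 0.06, "redirect": 0.03, "unexpected_action": 0.01},
    "recon":  {"normal": 0.25, "probe": 0.65, "redirect": 0.08, "unexpected_action": 0.02},
    "lure":   {"normal": 0.10, "probe": 0.10, "redirect": 0.70, "unexpected_action": 0.10},
    "action": {"normal": 0.05, "probe": 0.05, "redirect": 0.10, "unexpected_action": 0.80},
}
FLOOR = 1e-6  # probability assigned to event categories the model has never seen

def _lp(table, key):
    return math.log(table.get(key, FLOOR))

def viterbi(observations):
    """Return (most likely stage sequence, log-probability of that path)."""
    if not observations:
        return [], 0.0
    # score[s]: best log-probability of any path that ends in state s
    score = {s: _lp(START, s) + _lp(EMIT[s], observations[0]) for s in STATES}
    back = []  # back[t][s]: best predecessor of s at step t + 1
    for obs in observations[1:]:
        prev, score, ptr = score, {}, {}
        for s in STATES:
            best = max(STATES, key=lambda p: prev[p] + _lp(TRANS[p], s))
            ptr[s] = best
            score[s] = prev[best] + _lp(TRANS[best], s) + _lp(EMIT[s], obs)
        back.append(ptr)
    last = max(STATES, key=score.get)
    path = [last]
    for ptr in reversed(back):  # follow back-pointers from the final state
        path.append(ptr[path[-1]])
    return path[::-1], score[last]

# Constructed observation sequence, as if extracted from a victim-side log.
SAMPLE_LOG = ["normal", "normal", "probe", "probe", "redirect",
              "unexpected_action", "unexpected_action"]

if __name__ == "__main__":
    for event, stage in zip(SAMPLE_LOG, viterbi(SAMPLE_LOG)[0]):
        print(f"{event:18s} -> {stage}")
```

Working in log space avoids numeric underflow on long logs, and the `FLOOR` value keeps a single unseen event category from zeroing out every path.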
