Analyzing cyber-attacks using feature similarity: A flow based detection approach |
| Posted on:2016-01-29 | Degree:M.S | Type:Thesis |
| University:University of Maryland, Baltimore County | Candidate:Kawatkar, Adwait Satish | Full Text:PDF |
| GTID:2478390017480808 | Subject:Information Science |
| Abstract/Summary: |
| The advancements and improvements in network technology have given rise to new challenges in cyber-security by increasing the risk of cyber-attacks. Intruders are exploiting vulnerabilities to devise novel and unknown cyber-attacks to perform malicious activities. Due to increasing network traffic, the current packet-based Intrusion Detection Systems (IDSs) spend a significant amount of time analyzing packets to detect intrusions. This thesis attempts to identify relevancy between cyber-attacks using binary similarity coefficients in a network-flow-based approach. A network flow is a sequence of packets between a given source and destination, in one direction only, that share certain characteristics. The discovery of relevancy between attacks in network flows helps in correlating the suspicious attack events, as it is measured by similarity coefficients. A prototype system has been implemented and evaluated using several similarity coefficients for suspicious events to identify incoming cyber-attacks. |
| Keywords/Search Tags: | Cyber-attacks, Using, Similarity, Network, Flow |