Multi-Stage Attack Detection Using Layered Hidden Markov Model Intrusion Detection System

Abstract

Intrusion Detection Systems (IDS) based on Artificial Intelligence can be deployed to protect telemetry networks against intruders. As security solutions which encrypt radio links do not accommodate the ever evolving network attacks and vulnerabilities, new defense mechanisms using machine learning and artificial intelligence can play a significant role for telemetry networks. This paper proposes a multi-layered Hidden Markov Model (HMM) IDS that addresses multi-stage attacks. This is due to the fact that intrusions are increasingly being launched through multiple phases instead of single stage intrusion. This layered model divides the problem space into smaller manageable pieces reducing the curse of dimensionality associated with HMMs. To verify the application of this model for real network, the NSL-KDD dataset is used to train and test the model.