E-NIPS: An Event-based Network Intrusion Prediction System

Intrusion detection systems (IDSs) can detect and respond to various attacks. However, they cannot detect all attacks, and they are not capable of predicting future attacks. In this research, we propose an automatic intrusion prediction system (IPS) called E-NIPS (Event-based Network Intrusion Prediction System) that can not only detect attacks but also predict future probable attacks. We have utilized network penetration scenarios partitioned into multiple phases depending on the sequences they follow during network penetrations. Each of these phases consists of attack classes that are precursors to attack classes of the next phase. An attack class is a set of attacks that have same the objectives, categorized to generalize network penetration scenarios and to reduce the burden on the prediction engine during intrusion alerts correlation and prediction tasks. Future attacks are predicted based on the attack classes detected in an earlier phase of a penetration scenario. Automatic intrusion prediction provides little but very crucial time required for fortifying networks against attacks, warns network administrators about possible attacks, and reduces the damage caused due to attacks. In this paper, we describe the architecture, operation, and implementation of E-NIPS. The prototype implementation is evaluated based on some of the most commonly occurring network penetration scenarios. The experimental results show that the prototype automatically provides useful information about the occurrence of future attack events.