Logical Filter Approach for Early Stage Cyber-Attack Detection

Vacius Jusas, Saulius Japertas, Tautvydas Baksys, Sandeepak Bhandari

The planned in advance cyber-attacks cause the most damage for the users of the information systems. Such attacks can take a very long time, require considerable financial and human resources, and therefore, they can only be organized by large interest groups. Furthermore, current intrusion detection systems, intrusion prevention systems and intrusion response systems used to protect against cyber-attacks have several shortcomings. Such systems respond only to the attack itself when it is too late to take a preventive action and they are not suitable for detecting an attack in early stages when it is possible to block the attack and minimize the losses. Early detection requires detailed monitoring of network and system parameters to be able to accurately identify the early stages of the attack when it is still possible to kill the attack chain. In this paper, we propose to consider an attack chain consisting of nine stages. The method to detect early stage cyber-attack based on the attack chain analysis using hardware implementation of logical filters is suggested. The performed experiment acknowledges the possibility to detect the attack in the early stages.