What Exactly Is the A1000 and What Can It Do?


The volume, complexity and variety of cyber attacks are continually increasing. Cyber attacks have been detected with various scanners, firewalls, and intrusion detection and prevention systems. Cyber criminals have developed sophisticated methods and techniques to break into targeted networks and exploit their resources, targeting both wired and wireless communications. These criminals target selected groups of people and organisations and persist until they achieve their goals. A1000 is a machine-learning-based system that can precisely detect and predict attacks in a holistic way, making a significant contribution to the field of intrusion detection.


The major contribution of A1000 is divided into three phases. In the first phase, also known as threat detection, the system detects threats during the multi-step malware attack. The second phase, also known as alert correlation, involves correlating the alerts produced in the first phase with one A1000 attack scenario. The main purpose of the correlation framework is to reduce the false positive rate of the detection system. The final phase is attack prediction, where a machine-learning-based prediction module is designed and implemented based on a historical record of the monitored network. This module can be used to determine the probability that early alerts will develop into a complete A1000 attack.

There are various ATP detectors which use information tracking to find a nexus between the elementary attacks. The A1000 system uses information flow tracking to find the links between the elementary alerts. However, this approach has certain limitations, including high false positives. Another aspect of A1000 uses mathematical and computational analysis to filter unwanted emails. It also detects malicious files based on white lists and their compatibility as viable. Moreover, it uses certain algorithms to detect the data exfiltration step. With the advancement of cyber attacks, A1000 attacks have caused major concern on a global level. A1000 refers to a persistent, multi-stage attack which compromises the targeted system and gains information from it, with the potential to cause significant damage and substantial financial loss. The precise detection and prediction of A1000 is itself an ongoing challenge. A1000 involves multi-step attacks, so effective detection has to cover the techniques used within each stage of the life cycle. Detection modules are developed to detect the techniques most commonly used in the A1000 attack steps. An individual module alert indicates a technique which could possibly be used in an attack, but the same technique can also be used in other types of attack, or it can even be a benign one.
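The correlation and prediction phases described above can be sketched as follows. This is an added example, not code from the A1000 system: the stage names, the time window, the alert fields and the sample data are all assumptions, and a simple frequency estimate stands in for the machine-learning predictor, whose model the article does not describe.

```python
from collections import defaultdict

STAGES = ["email", "malicious_file", "exfiltration"]  # assumed stage order
WINDOW = 7 * 24 * 3600  # assumed correlation window, in seconds

def correlate(alerts, window=WINDOW):
    """Return {host: stages matched in order inside the window}."""
    chains = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        chain = chains[a["host"]]
        incomplete = len(chain) < len(STAGES)
        if chain and incomplete and a["ts"] - chain[0]["ts"] > window:
            chain.clear()  # stale partial scenario: start again
        if incomplete and a["stage"] == STAGES[len(chain)]:
            chain.append(a)
    return {h: [a["stage"] for a in c] for h, c in chains.items()}

def reportable(scenarios, min_stages=2):
    """Drop hosts whose alerts never linked up: the false-positive filter."""
    return {h: s for h, s in scenarios.items() if len(s) >= min_stages}

def completion_probability(history, reached):
    """Empirical P(full scenario | `reached` stages seen) from past depths."""
    comparable = [d for d in history if d >= reached]
    if not comparable:
        return None  # no comparable history on this network
    return sum(d == len(STAGES) for d in comparable) / len(comparable)

# Constructed sample alerts (ts = seconds since start of monitoring).
SAMPLE_ALERTS = [
    {"host": "ws-01", "stage": "email", "ts": 0},
    {"host": "ws-01", "stage": "malicious_file", "ts": 3600},
    {"host": "ws-01", "stage": "exfiltration", "ts": 90000},
    {"host": "ws-02", "stage": "malicious_file", "ts": 100},  # isolated alert
    {"host": "ws-03", "stage": "email", "ts": 500},
    {"host": "ws-03", "stage": "malicious_file", "ts": 4000},
    {"host": "ws-04", "stage": "email", "ts": 0},
    {"host": "ws-04", "stage": "malicious_file", "ts": 8 * 24 * 3600},  # too late
]
# Constructed history: number of stages each past scenario reached.
HISTORY = [1, 1, 1, 1, 2, 2, 3, 3, 1, 2]

if __name__ == "__main__":
    found = reportable(correlate(SAMPLE_ALERTS))
    for host, stages in found.items():
        p = completion_probability(HISTORY, len(stages))
        print(host, stages, "P(complete) =", p)
```

The isolated alert on ws-02 and the out-of-window pair on ws-04 are never reported, which is how correlation lowers the false positive rate compared with alerting on each module individually.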


Cyber attacks are on the rise and can be detected with various preventive systems. A1000 involves multi-step attacks, which can be countered by detecting new techniques. With the advancement of cyber attack systems, it has become necessary to take safety measures to prevent such attacks. We cannot deny that an individual is vulnerable while using the internet, and many firms and organisations are afraid that they might be attacked and their data taken by the attackers. Safety measures therefore need to be taken to prevent such malicious attacks.
