A Quantitative Approach for Intrusions Detection and Prevention based on Statistical N-Gram Models

In this paper we propose a new, quantitative-based approach for the detection and the prevention of intrusions. Our model is able to probabilistically predict attacks before their completion by using a quantitative Markov model built from a corpus of network traffic collected on a honeypot. Moreover, the proposed collaborative architecture honeypot intrusion detection system provides a fully autonomous system with self-learning capabilities. To validate our approach, we built a software prototype and compared its performance with the well known Snort tool. The results clearly show that our system outperforms Snort on multiple criteria including autonomy, accuracy, detection and prediction rates