{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,11]],"date-time":"2026-05-11T11:04:44Z","timestamp":1778497484202,"version":"3.51.4"},"reference-count":43,"publisher":"MDPI AG","issue":"12","license":[{"start":{"date-parts":[[2020,11,29]],"date-time":"2020-11-29T00:00:00Z","timestamp":1606608000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>Nowadays, systems around the world face many cyber attacks every day. These attacks consist of numerous steps that may occur over an extended period of time. We can learn from them and use this knowledge to create tools to predict and prevent the attacks. In this paper, we introduce a way to sort cyber attacks in stages, which can help with the detection of each stage of cyber attacks. In this way, we can detect the earlier stages of the attack. We propose a solution using Bayesian network algorithms to predict how the attacks proceed. We can use this information for more effective defense against cyber threats.<\/jats:p>","DOI":"10.3390\/info11120560","type":"journal-article","created":{"date-parts":[[2020,11,29]],"date-time":"2020-11-29T21:00:57Z","timestamp":1606683657000},"page":"560","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":24,"title":["Early-Stage Detection of Cyber Attacks"],"prefix":"10.3390","volume":"11","author":[{"given":"Martina","family":"Pivarn\u00edkov\u00e1","sequence":"first","affiliation":[{"name":"Ministry of Investments, Regional Development and Informatization of the Slovak Republic, Computer Security Incident Response Team Slovakia - CSIRT.SK, 811 05 Bratislava, Slovakia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1967-8802","authenticated-orcid":false,"given":"Pavol","family":"Sokol","sequence":"additional","affiliation":[{"name":"Faculty of Science, Pavol Jozef \u0160af\u00e1rik University in Ko\u0161ice, 040 01 Ko\u0161ice, Slovakia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8618-3642","authenticated-orcid":false,"given":"Tom\u00e1\u0161","family":"Bajto\u0161","sequence":"additional","affiliation":[{"name":"Faculty of Science, Pavol Jozef \u0160af\u00e1rik University in Ko\u0161ice, 040 01 Ko\u0161ice, Slovakia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2020,11,29]]},"reference":[{"key":"ref_1","unstructured":"FireEye (2020, November 19). Common Vulnerability Scoring System. Available online: https:\/\/www.fireeye.com\/content\/dam\/collateral\/en\/mtrends-2018.pdf."},{"key":"ref_2","first-page":"640","article-title":"Survey of attack projection, prediction, and forecasting in cyber security","volume":"21","year":"2018","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Yang, S.J., Du, H., Holsopple, J., and Sudit, M. (2014). Attack projection. Cyber Defense and Situational Awareness, Springer.","DOI":"10.1007\/978-3-319-11391-3_12"},{"key":"ref_4","first-page":"244","article-title":"Attack Intention Recognition: A Review","volume":"19","author":"Ahmed","year":"2017","journal-title":"IJ Netw. Secur."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Abdlhamed, M., Kifayat, K., Shi, Q., and Hurst, W. (2017). Intrusion prediction systems. Information Fusion for Cyber-Security Analytics, Springer.","DOI":"10.1007\/978-3-319-44257-0_7"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Leau, Y.B., and Manickam, S. (2015). Network security situation prediction: A review and discussion. International Conference on Soft Computing, Intelligence Systems, and Information Technology, Springer.","DOI":"10.1007\/978-3-662-46742-8_39"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"M\u00e9ze\u0161ov\u00e1, T., Sokol, P., and Bajto\u0161, T. (2019, January 27\u201329). Evaluation of Attacker Skill Level for Multi-stage Attacks. Proceedings of the 2019 11th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), Pitesti, Romania.","DOI":"10.1109\/ECAI46879.2019.9042153"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Ramaki, A.A., Khosravi-Farmad, M., and Bafghi, A.G. (2015, January 2\u20133). Real time alert correlation and prediction using Bayesian networks. Proceedings of the 2015 12th International Iranian Society of Cryptology Conference on Information Security and Cryptology (ISCISC), Rasht, Iran.","DOI":"10.1109\/ISCISC.2015.7387905"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Swiler, L.P., and Phillips, C. (1998). A Graph-Based System for Network-Vulnerability Analysis, Sandia National Labs.. Technical Report.","DOI":"10.2172\/573291"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Cao, P., Chung, K.W., Kalbarczyk, Z., Iyer, R., and Slagell, A.J. (2014, January 8\u20139). Preemptive intrusion detection. Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, Raleigh, NC, USA.","DOI":"10.1145\/2600176.2600197"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Cao, P., Badger, E., Kalbarczyk, Z., Iyer, R., and Slagell, A. (2015, January 21\u201322). Preemptive intrusion detection: Theoretical framework and real-world measurements. Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, Urbana-Champaign, IL, USA.","DOI":"10.1145\/2746194.2746199"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"206","DOI":"10.1016\/j.cose.2014.10.006","article-title":"RTECA: Real time episode correlation algorithm for multi-step attack scenarios detection","volume":"49","author":"Ramaki","year":"2015","journal-title":"Comput. Secur."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Ning, P., and Xu, D. (2003, January 27\u201330). Learning attack strategies from intrusion alerts. Proceedings of the 10th ACM Conference on Computer and Communications Security, Washington, DC, USA.","DOI":"10.1145\/948109.948137"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Li, Z., Lei, J., Wang, L., and Li, D. (2007, January 24\u201327). A Data Mining Approach to Generating Network Attack Graph for Intrusion Prediction. Proceedings of the Fourth International Conference on Fuzzy Systems and Knowledge Discovery (FSKD 2007), Haikou, China.","DOI":"10.1109\/FSKD.2007.15"},{"key":"ref_15","unstructured":"Liu, P. (2005). A Game Theoretic Approach to Cyber Attack Prediction, Pennsylvania State University. Technical Report."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Wu, J., Yin, L., and Guo, Y. (2012, January 17\u201319). Cyber attacks prediction model based on Bayesian network. Proceedings of the 2012 IEEE 18th International Conference on Parallel and Distributed Systems, Singapore.","DOI":"10.1109\/ICPADS.2012.117"},{"key":"ref_17","unstructured":"Ishida, C., Arakawa, Y., Sasase, I., and Takemori, K. (2005, January 24\u201326). Forecast techniques for predicting increase or decrease of attacks using bayesian inference. PACRIM. Proceedings of the 2005 IEEE Pacific Rim Conference on Communications, Computers and signal Processing, Victoria, BC, Canada."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Okutan, A., Yang, S.J., and McConky, K. (2017, January 15\u201316). Predicting cyber attacks with bayesian networks using unconventional signals. Proceedings of the 12th Annual Conference on Cyber and Information Security Research, Kowloon, Hong Kong, China.","DOI":"10.1145\/3064814.3064823"},{"key":"ref_19","unstructured":"Passeri, P. (2020, November 19). HACKMAGEDDON, Information Security Timelines and Statistics. Available online: https:\/\/www.hackmageddon.com\/."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Tabia, K., and Leray, P. (2010). Bayesian network-based approaches for severe attack prediction and handling IDSs\u2019 reliability. International Conference on Information Processing and Management of Uncertainty in Knowledge-Based Systems, Springer.","DOI":"10.1007\/978-3-642-14058-7_65"},{"key":"ref_21","unstructured":"Pearl, J. (2014). Probabilistic Reasoning in Intelligent Systems: Networks of Plausible Inference, Elsevier."},{"key":"ref_22","first-page":"77","article-title":"Alert correlation and prediction using data mining and HMM","volume":"3","author":"Farhadi","year":"2011","journal-title":"ISeCure"},{"key":"ref_23","first-page":"311","article-title":"Real time intrusion prediction based on optimized alerts with hidden Markov model","volume":"7","author":"Sendi","year":"2012","journal-title":"J. Networks"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"315","DOI":"10.1016\/j.eswa.2012.07.057","article-title":"Advanced probabilistic approach for network intrusion forecasting and detection","volume":"40","author":"Shin","year":"2013","journal-title":"Expert Syst. Appl."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"134","DOI":"10.1109\/TDSC.2017.2751478","article-title":"Real-time multistep attack prediction based on hidden markov models","volume":"17","author":"Holgado","year":"2017","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_26","first-page":"80","article-title":"Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains","volume":"1","author":"Hutchins","year":"2011","journal-title":"Lead. Issues Inf. Warf. Secur. Res."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"3826","DOI":"10.1016\/j.comnet.2013.09.008","article-title":"A systematic approach for detecting and clustering distributed cyber scanning","volume":"57","author":"Debbabi","year":"2013","journal-title":"Comput. Networks"},{"key":"ref_28","unstructured":"Caltagirone, S., Pendergast, A., and Betz, C. (2013). The Diamond Model of Intrusion Analysis, Center For Cyber Intelligence Analysis and Threat Research. Technical Report."},{"key":"ref_29","first-page":"1496","article-title":"Cyber scanning: a comprehensive survey","volume":"16","author":"Debbabi","year":"2013","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Yadav, T., and Rao, A.M. (2015). Technical aspects of cyber kill chain. International Symposium on Security in Computing and Communication, Springer.","DOI":"10.1007\/978-3-319-22915-7_40"},{"key":"ref_31","unstructured":"(2020, November 19). Available online: https:\/\/www.mycert.org.my."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Cooper, G. (1999). An overview of the representation and discovery of causal relationships using Bayesian networks. Computation, Causation, and Discovery, MIT Press.","DOI":"10.7551\/mitpress\/2006.003.0002"},{"key":"ref_33","unstructured":"Guo, H., and Hsu, W. (2020, November 19). A Survey of Algorithms for Real-Time Bayesian Network Inference. Available online: https:\/\/www.aaai.org\/Papers\/Workshops\/2002\/WS-02-15\/WS02-15-001.pdf."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"131","DOI":"10.1023\/A:1007465528199","article-title":"Bayesian network classifiers","volume":"29","author":"Friedman","year":"1997","journal-title":"Mach. Learn."},{"key":"ref_35","unstructured":"Qin, X., and Lee, W. (2004, January 6\u201310). Attack plan recognition and prediction using causal networks. Proceedings of the 20th Annual Computer Security Applications Conference, Tucson, AZ, USA."},{"key":"ref_36","unstructured":"Zhang, N.L., and Poole, D. (1994, January 16\u201320). A simple approach to Bayesian network computations. Proceedings of the Biennial Conference-Canadian Society for Computational Studies of Intelligence, Banff Park Lodge, Banff, Alberta."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Lashkari, A.H., and Ghorbani, A.A. (2020, November 19). Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization. Available online: https:\/\/www.scitepress.org\/Papers\/2018\/66398\/66398.pdf.","DOI":"10.5220\/0006639801080116"},{"key":"ref_38","unstructured":"(2020, November 19). Intrusion Detection Evaluation Dataset (CICIDS2017), U.o.N. Brunswick. Available online: https:\/\/www.unb.ca\/cic\/datasets\/ids-2017.html."},{"key":"ref_39","unstructured":"(2020, November 19). Snort - Network Intrusion Detection & Prevention System. Available online: https:\/\/www.snort.org."},{"key":"ref_40","unstructured":"(2020, November 19). SNORT Users Manual 2.9.13. The Snort Project 2019. Available online: https:\/\/www.snort.org\/documents\/snort-users-manual."},{"key":"ref_41","unstructured":"Hansson, L. (2020, November 19). NF IDS Rules. Available online: https:\/\/networkforensic.dk\/SNORT\/."},{"key":"ref_42","unstructured":"(2020, November 19). Emerging Threats rules. Available online: https:\/\/rules.emergingthreats.net\/."},{"key":"ref_43","unstructured":"(2020, November 19). What Is Cyber Attack?. Available online: https:\/\/www.upguard.com\/blog\/cyber-attack."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/11\/12\/560\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T10:39:19Z","timestamp":1760179159000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/11\/12\/560"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,11,29]]},"references-count":43,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2020,12]]}},"alternative-id":["info11120560"],"URL":"https:\/\/doi.org\/10.3390\/info11120560","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,11,29]]}}}