Extracting and Evaluating Similar and Unique Cyber Attack Strategies from Intrusion Alerts

IEEE Conference Publication | IEEE Xplore

Abstract:

An intrusion detection system (IDS) is an integral part of computer networks, used to monitor for and detect threats. However, the alerts raised by these systems are often overwhelming to security analysts, making it difficult to uncover the steps an attacker took to compromise one or more systems in the network. This work presents a novel approach that aggregates IDS alerts and forms sequences of attack activities together with their corresponding probabilistic models. This allows attack sequences to be compared, offering insight into unique as well as similar attack behaviors. We aggregate alerts by applying a Gaussian filter to specific alert attributes and model attackers using a suffix-based probabilistic model. We compare sequences generated from ten independent attacking teams with similar objectives, demonstrating how our process uncovers similarities and differences between the attacks that were not obvious. The sequences revealed by our process are meaningful and offer insight into how the attacking teams exploit a network.
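The aggregate-then-model pipeline the abstract sketches, as an added example that is not the paper's code: it merges bursty same-category alerts with a Gaussian time kernel, trains a suffix-based next-step model per team, and scores each team's step sequence under every other team's model so that a low score marks a similar strategy and a high score a unique one. The kernel width, merge rule, context length and team alerts are assumptions made for this demo, and the alert categories are constructed.

```python
from collections import defaultdict
import math

SIGMA = 5.0      # assumed Gaussian kernel width (seconds) used to merge repeated alerts
MAX_ORDER = 2    # assumed longest suffix (context) the model conditions on

TEAMS = {  # constructed sample alerts per attacking team: (seconds since start, alert category)
    "A": [(0, "scan"), (2, "scan"), (3, "scan"), (40, "brute_force"), (41, "brute_force"),
          (120, "exploit"), (300, "exfil")],
    "B": [(0, "scan"), (1, "scan"), (50, "brute_force"), (130, "exploit"), (131, "exploit"),
          (320, "exfil")],
    "C": [(0, "exploit"), (90, "priv_esc"), (200, "exfil")],   # no recon phase at all
}

def aggregate(alerts, sigma=SIGMA, threshold=0.5):
    """Collapse a burst of same-category alerts into one attack step when the Gaussian
    weight exp(-dt^2 / 2 sigma^2) of the gap dt to the previous alert exceeds the threshold."""
    steps = []
    for t, cat in alerts:
        if steps and steps[-1][1] == cat and \
                math.exp(-((t - steps[-1][0]) ** 2) / (2 * sigma ** 2)) > threshold:
            steps[-1] = (t, cat)              # same burst: extend it, keep its latest time
        else:
            steps.append((t, cat))
    return [cat for _, cat in steps]

def train_suffix_model(sequence, max_order=MAX_ORDER):
    """Count which step follows every suffix of length 0..max_order in the sequence."""
    counts = defaultdict(lambda: defaultdict(int))
    for i, nxt in enumerate(sequence):
        for k in range(min(i, max_order) + 1):
            counts[tuple(sequence[i - k:i])][nxt] += 1
    return counts

def next_prob(model, context, step, alphabet):
    """Back off to the longest suffix seen in training; add-one smoothing over the alphabet."""
    for k in range(min(len(context), MAX_ORDER), -1, -1):
        suffix = tuple(context[len(context) - k:])
        if suffix in model:
            table = model[suffix]
            return (table.get(step, 0) + 1) / (sum(table.values()) + len(alphabet))
    return 1 / len(alphabet)

def compare_teams(teams):
    """Bits per step of each team's sequence under each team's model: low = similar, high = unique."""
    seqs = {n: aggregate(a) for n, a in teams.items()}
    alphabet = sorted({c for s in seqs.values() for c in s})
    models = {n: train_suffix_model(s) for n, s in seqs.items()}
    bits = lambda m, s: sum(-math.log2(next_prob(m, s[:i], x, alphabet)) for i, x in enumerate(s)) / len(s)
    return {(m, s): round(bits(models[m], seqs[s]), 3) for m in seqs for s in seqs}
```

With the constructed alerts, team B scores 1.731 bits/step under team A's model while team C scores 2.308, so C's recon-less path stands out as the unique strategy.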
Date of Conference: 09-11 November 2018
Date Added to IEEE Xplore: 27 December 2018
Conference Location: Miami, FL, USA
