Predictions of Network Attacks in Collaborative Environment
| Authors | |
|---|---|
| Year of publication | 2020 |
| Type | Article in Proceedings |
| Conference | NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium |
| MU Faculty or unit | |
| Citation | |
| Web | https://ieeexplore.ieee.org/document/9110472 |
| Doi | http://dx.doi.org/10.1109/NOMS47738.2020.9110472 |
| Keywords | intrusion detection;alert correlation;information sharing;collaboration;prediction;situational awareness |
| Attached files | |
| Description | This paper is a digest of the thesis on predicting cyber attacks in a collaborative environment. While previous works mostly focused on predicting attacks as seen from a single observation point, we proposed taking advantage of collaboration and exchange of intrusion detection alerts among organizations and networks. Thus, we can observe the cyber attack on a large scale and predict the next action of an adversary and its target. The thesis follows the three levels of cyber situational awareness: perception, comprehension, and projection. In the perception phase, we discuss the improvements of intrusion detection systems that allow for sharing intrusion detection alerts and their correlation. In the comprehension phase, we employed data mining to discover frequent attack patterns. In the projection phase, we present the analytical framework for the predictive analysis of the alerts backed by data mining and contemporary data processing approaches. The results are shown from experimental evaluation in the security alert sharing platform SABU, where real-world alerts from Czech academic and commercial networks are shared. The thesis is accompanied by the implementation of the analytical framework and a dataset that provides a baseline for future work. |
| Related projects: |