Evaluation of Attackers’ Skill Levels in Multi-Stage Attacks
Author: | Pavol Sokol, Terézia Mézešová, Tomáš Bajtoš |
---|---|
Year of publication: | 2020 |
Subject: | alert correlation; attack evaluation; attacker skill level; multi-stage intrusion; intrusion detection system; computer security; information systems; lcsh:T58.5-58.64 (Information technology) |
Source: | Information, Vol. 11, Iss. 11, Article 537 (2020) |
ISSN: | 2078-2489 |
Description: | The rapid move to digitalization and the use of online information systems bring new and evolving threats that organizations must protect themselves from and respond to. Monitoring an organization's network for malicious activity has become standard practice, together with collecting events and logs from network hosts. Security operations centers deal with a growing number of alerts raised by the intrusion detection systems that process the collected data and monitor the network. These alerts must be processed so that the relevant stakeholders can make informed decisions when responding to incidents. Correlating alerts into more expressive intrusion scenarios is an important tool for reducing false-positive and noisy alerts. In this paper, we propose correlation rules for identifying multi-stage attacks. A further contribution is a methodology for inferring from an alert the values needed to evaluate the attack in terms of the attacker's skill level. We present our results on the CSE-CIC-IDS2018 data set. |
Database: | OpenAIRE |
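As an added illustration of the kind of alert correlation the abstract describes (this is example code written for this record, not the paper's correlation rules or its skill-level methodology), the following Python groups IDS alerts by (source, destination) pair, splits each group into scenarios wherever the gap between consecutive alerts exceeds a time window, keeps only scenarios that progress forward through at least two attack stages, and reports per scenario the values a skill-level evaluation would consume: stages reached, duration, and alerts per stage. The signature names, the stage set and ordering, the 30-minute window and the sample alerts are all assumptions constructed for the example.

```python
"""Added example: correlating IDS alerts into multi-stage attack scenarios.

Not the paper's rules. Signature names, stages, window and alerts are
constructed assumptions for illustration only.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed mapping from IDS signature to attack stage (signature names are made up).
STAGE_OF_SIGNATURE = {
    "SCAN Nmap OS Detection": "recon",
    "SCAN SSH Version Probe": "recon",
    "POLICY SSH Brute Force": "gain_access",
    "WEB_SERVER Webshell Upload": "exploit",
    "WEB_SERVER Webshell Command Execution": "command",
}
STAGE_ORDER = ["recon", "gain_access", "exploit", "command"]  # assumed kill-chain order
WINDOW = timedelta(minutes=30)  # assumed maximum gap between alerts of one scenario

# Constructed sample alerts (not from CSE-CIC-IDS2018).
SAMPLE_ALERTS = [
    {"ts": "2020-02-14T10:00:05", "src": "10.0.0.9", "dst": "172.16.0.5", "sig": "SCAN Nmap OS Detection"},
    {"ts": "2020-02-14T10:02:10", "src": "10.0.0.9", "dst": "172.16.0.5", "sig": "POLICY SSH Brute Force"},
    {"ts": "2020-02-14T10:02:15", "src": "10.0.0.9", "dst": "172.16.0.5", "sig": "POLICY SSH Brute Force"},
    {"ts": "2020-02-14T10:02:20", "src": "10.0.0.9", "dst": "172.16.0.5", "sig": "POLICY SSH Brute Force"},
    {"ts": "2020-02-14T10:07:00", "src": "10.0.0.9", "dst": "172.16.0.5", "sig": "INFO Unmapped Signature"},
    {"ts": "2020-02-14T10:15:40", "src": "10.0.0.9", "dst": "172.16.0.5", "sig": "WEB_SERVER Webshell Upload"},
    {"ts": "2020-02-14T10:20:00", "src": "10.0.0.9", "dst": "172.16.0.5", "sig": "WEB_SERVER Webshell Command Execution"},
    {"ts": "2020-02-14T10:05:00", "src": "10.0.0.44", "dst": "172.16.0.7", "sig": "SCAN SSH Version Probe"},  # lone scan
    {"ts": "2020-02-14T12:30:00", "src": "10.0.0.9", "dst": "172.16.0.5", "sig": "SCAN Nmap OS Detection"},  # outside window
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def correlate(alerts, window=WINDOW):
    """Group alerts by (src, dst), split each group on time gaps > window.

    Alerts whose signature has no stage mapping are ignored: they cannot be
    placed in a scenario and would only add noise.
    """
    by_pair = defaultdict(list)
    for a in alerts:
        stage = STAGE_OF_SIGNATURE.get(a["sig"])
        if stage is None:
            continue
        by_pair[(a["src"], a["dst"])].append((parse_ts(a["ts"]), stage))

    scenarios = []
    for (src, dst), events in by_pair.items():
        events.sort()  # chronological within the pair
        current = None
        for ts, stage in events:
            if current is None or ts - current["end"] > window:
                current = {"attacker": src, "victim": dst, "start": ts, "end": ts,
                           "stages": [], "alerts_per_stage": {}}
                scenarios.append(current)
            current["end"] = ts
            if stage not in current["stages"]:
                current["stages"].append(stage)  # order of first appearance
            current["alerts_per_stage"][stage] = current["alerts_per_stage"].get(stage, 0) + 1
    return scenarios


def is_multi_stage(scenario):
    """Correlation rule: at least two distinct stages, with forward progress in STAGE_ORDER."""
    idx = [STAGE_ORDER.index(s) for s in scenario["stages"]]
    return len(idx) >= 2 and any(b > a for a, b in zip(idx, idx[1:]))


def multi_stage_scenarios(alerts, window=WINDOW):
    return [s for s in correlate(alerts, window) if is_multi_stage(s)]


def scenario_summary(s):
    """Values an attacker-evaluation step would consume; no skill score is computed here."""
    return {
        "attacker": s["attacker"],
        "victim": s["victim"],
        "stages": list(s["stages"]),
        "duration_s": int((s["end"] - s["start"]).total_seconds()),
        "alerts_per_stage": dict(s["alerts_per_stage"]),
    }


if __name__ == "__main__":
    for sc in multi_stage_scenarios(SAMPLE_ALERTS):
        print(scenario_summary(sc))
```

On the sample data the lone SSH probe from 10.0.0.44 and the second Nmap scan two hours later are left as single-stage scenarios and filtered out, while the chain recon, brute force, webshell upload, command execution against 172.16.0.5 survives as one scenario; the three brute-force alerts versus one alert in every other stage is exactly the kind of per-stage count a skill evaluation would weigh.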