Dynamic Generation of Empirical Cyberattack Models with Engineered Alert Features

Title: Dynamic Generation of Empirical Cyberattack Models with Engineered Alert Features
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Okutan, Ahmet, Cheng, Fu-Yuan, Su, Shao-Hsuan, Yang, Shanchieh Jay
Conference Name: MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM)
Date Published: Nov
Keywords: 2017 National Collegiate Penetration, Aggregates, Analytical models, automated system, Bayes methods, belief networks, collective attack behavior, competition data, corporate network, critical activities, critical cyber incidents, cyberattack, cybersecurity, Dynamic attack models, dynamic Bayesian approach, dynamic generation, empirical attack models, empirical cyberattack models, feature extraction, ground truth data, Human Behavior, Human Behavior and Cybersecurity, Indexes, intrusion alerts, IP networks, pubcrawl, security of data, unique attack models
Abstract: Due to the increased diversity and complexity of cyberattacks, innovative and effective analytics are needed to identify critical cyber incidents on a corporate network even when no ground truth data is available. This paper develops an automated system that processes a set of intrusion alerts to create behavior aggregates and then classifies these aggregates into empirical attack models through a dynamic Bayesian approach with novel feature engineering methods. Each attack model represents a unique collective attack behavior that helps to identify critical activities on the network. Using 2017 National Collegiate Penetration Testing Competition data, it is demonstrated that the developed system is capable of generating and refining unique attack models that make sense to humans, without a priori knowledge.
DOI: 10.1109/MILCOM47813.2019.9020785
Citation Key: okutan_dynamic_2019
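The pipeline the abstract describes (raw intrusion alerts, grouped into per-attacker behavior aggregates, with engineered features, assigned to attack models by a Bayesian scheme that can spawn a new model when none of the existing ones fits) is sketched below as an added example. This is not the authors' code and does not reproduce their feature engineering or their Bayesian formulation: the per-source time-window aggregation, the fan-out feature, the online Dirichlet-multinomial mixture used to assign aggregates to models, the alpha/beta settings and the alert records are all assumptions made here for illustration, and the alerts are constructed rather than taken from the NCPTC data set.

```python
"""Illustrative alert -> aggregate -> attack-model sketch (assumed design, not the paper's)."""
from collections import Counter, defaultdict
import math

# Constructed sample alerts: (timestamp_s, src_ip, dst_ip, signature_category).
# Two sources scan several hosts; two others hammer a single host with logins.
ALERTS = [
    (100, "10.0.0.5", "10.0.1.1", "scan"), (110, "10.0.0.5", "10.0.1.2", "scan"),
    (120, "10.0.0.5", "10.0.1.3", "scan"), (130, "10.0.0.5", "10.0.1.1", "scan"),
    (140, "10.0.0.5", "10.0.1.2", "scan"), (150, "10.0.0.5", "10.0.1.3", "scan"),
    (200, "10.0.0.9", "10.0.1.4", "bruteforce"), (210, "10.0.0.9", "10.0.1.4", "bruteforce"),
    (220, "10.0.0.9", "10.0.1.4", "bruteforce"), (230, "10.0.0.9", "10.0.1.4", "bruteforce"),
    (240, "10.0.0.9", "10.0.1.4", "bruteforce"),
    (300, "10.0.0.7", "10.0.1.1", "scan"), (310, "10.0.0.7", "10.0.1.2", "scan"),
    (320, "10.0.0.7", "10.0.1.3", "scan"), (330, "10.0.0.7", "10.0.1.1", "scan"),
    (340, "10.0.0.7", "10.0.1.2", "scan"),
    (400, "10.0.0.11", "10.0.1.4", "bruteforce"), (410, "10.0.0.11", "10.0.1.4", "bruteforce"),
    (420, "10.0.0.11", "10.0.1.4", "bruteforce"), (430, "10.0.0.11", "10.0.1.4", "bruteforce"),
    (440, "10.0.0.11", "10.0.1.4", "exploit"),
]


def build_aggregates(alerts, window=600):
    """Assumed aggregation rule: one aggregate per (source IP, time window).
    Each aggregate keeps a category histogram, the distinct targets and the first alert time."""
    aggs = defaultdict(lambda: {"cats": Counter(), "dsts": set(), "first": math.inf})
    for ts, src, dst, cat in alerts:
        key = (src, ts // window)
        aggs[key]["cats"][cat] += 1
        aggs[key]["dsts"].add(dst)
        aggs[key]["first"] = min(aggs[key]["first"], ts)
    return dict(aggs)


def engineer_features(agg):
    """Assumed feature engineering: raw category counts plus a fan-out bucket
    (did the source touch three or more distinct targets?) as an extra token."""
    feats = Counter(agg["cats"])
    feats["fanout_high" if len(agg["dsts"]) >= 3 else "fanout_low"] += 1
    return feats


class AttackModelLearner:
    """Online Dirichlet-multinomial mixture (assumed, not the paper's method).
    Each attack model is a token histogram. An aggregate goes to the model with the
    highest posterior predictive score, or opens a new model when the "new model"
    score (alpha-weighted, uniform over the vocabulary) beats every existing one."""

    def __init__(self, vocab, alpha=1.0, beta=0.5):
        self.vocab = vocab      # all feature tokens seen in the data
        self.alpha = alpha      # higher -> new models spawn more readily
        self.beta = beta        # Dirichlet smoothing for unseen tokens
        self.models = []        # list of Counter (token histograms)
        self.sizes = []         # aggregates assigned per model
        self.total = 0          # aggregates seen so far

    def _log_pred(self, feats, counts):
        tokens = sum(counts.values())
        denom = tokens + len(self.vocab) * self.beta
        return sum(n * math.log((counts[t] + self.beta) / denom) for t, n in feats.items())

    def assign(self, feats):
        scores = [self._log_pred(feats, c) + math.log(s / (self.total + self.alpha))
                  for c, s in zip(self.models, self.sizes)]
        # Candidate "new model": empty histogram, prior mass alpha.
        scores.append(self._log_pred(feats, Counter())
                      + math.log(self.alpha / (self.total + self.alpha)))
        best = max(range(len(scores)), key=scores.__getitem__)
        if best == len(self.models):
            self.models.append(Counter())
            self.sizes.append(0)
        self.models[best].update(feats)
        self.sizes[best] += 1
        self.total += 1
        return best


def learn_attack_models(alerts, window=600):
    """Run the full sketch; returns {(src_ip, window): model_id} and the learned model histograms."""
    aggs = build_aggregates(alerts, window)
    feats = {k: engineer_features(v) for k, v in aggs.items()}
    vocab = sorted({t for f in feats.values() for t in f})
    learner = AttackModelLearner(vocab)
    order = sorted(aggs, key=lambda k: aggs[k]["first"])   # process in arrival order
    assignments = {k: learner.assign(feats[k]) for k in order}
    return assignments, learner.models


if __name__ == "__main__":
    assignments, models = learn_attack_models(ALERTS)
    for key, mid in assignments.items():
        print(f"{key[0]:>10} window {key[1]} -> attack model {mid}")
    for mid, hist in enumerate(models):
        print(f"model {mid}: {dict(hist)}")
```

On the constructed alerts the learner opens a second model when the first brute-force aggregate arrives (its tokens are all unseen under the scan-dominated model), then folds the second scanner and the second brute-forcer into the existing models, so two "collective behaviors" emerge with no labels. Alpha and beta deserve the same scrutiny a practitioner would give any clustering threshold: too small an alpha merges distinct behaviors, too large fragments one campaign into many models; the paper's refinement step, which this sketch omits, is what keeps the model set stable as alerts keep arriving.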