Title | Analysis and Modelling of Multi-Stage Attacks |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Chamotra, Saurabh, Barbhuiya, Ferdous Ahmed |
Conference Name | 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) |
Date Published | dec |
Keywords | Analytical models, Attack modelling, Computational modeling, cyberattack, Engines, graph theory, honeypot, Human Behavior, Labeling, machine learning, malware analysis, Metrics, multi-stage attacks, privacy, pubcrawl, resilience, Resiliency, security, Tools |
Abstract | Honeypots are the information system resources used for capturing and analysis of cyber attacks. High-interaction honeypots are capable of capturing attacks in their totality and hence are an ideal choice for capturing multi-stage cyber attacks. The term multi-stage attack is an abstraction that refers to a class of cyber attacks consisting of multiple attack stages. These attack stages are executed either by malicious codes, scripts or sometimes even inbuilt system tools. In the work presented in this paper we have proposed a framework for capturing, analysis and modelling of multi-stage cyber attacks. The objective of our work is to devise an effective mechanism for the classification of multi-stage cyber attacks. The proposed framework comprises a network of high-interaction honeypots augmented with an attack analysis engine. The analysis engine performs rule-based labeling of captured honeypot data. The labeling engine labels the attack data as generic events. These events are further fused to generate attack graphs. The attack graphs thus generated are used to characterize and later classify the multi-stage cyber attacks. |
DOI | 10.1109/TrustCom50675.2020.00170 |
Citation Key | chamotra_analysis_2020 |