TWC: TTP Option: Small: Automating Attack Strategy Recognition to Enhance Cyber Threat Prediction

Project Details

Performance Period

Oct 01, 2015 - Sep 30, 2018

Institution(s)

Rochester Institute of Tech

Award Number


Network attacks are increasingly complex and fast-evolving. A single attack may use multiple reconnaissance, exploit, and obfuscation techniques. This project investigates how to extract critical attack attributes, synthesize novel attack sequences, and reveal potential threats to critical assets in a timely manner. The project uses machine learning techniques to simultaneously identify new attack types and observed events that could identify those attacks. The Transition-to-Practice component in the project includes a three-phase plan to provide a positively reinforced and measurable cycle to develop, evaluate, and refine a prototype system in real-world environments. This significantly broadens the engagement of security practitioners and student teams, who will be planning and executing attacks to test the prototype system. The outcome of this research will provide timely comprehension and anticipation of critical attack strategies, offering the practitioners a solution to level the playing field against sophisticated attackers.

Specifically, this work develops an online semi-supervised learning framework to capture both spatial and temporal features of attack strategies. An attack behavior model is a collection of feature probability distributions. The attack features are used to synthesize attack sequences via Monte Carlo simulation. The attack sequences, along with an ensemble prediction, are then used to reveal potential threats to critical assets in the network. The project will be evaluated on real-world attack data as well as synthetic network attacks. An extensive outreach plan includes course module development, a mid-project workshop to engage security researchers and practitioners, and a summary panel at an international conference.