Biblio
Filters: Keyword is critical cyber incidents [Clear All Filters]
Dynamic Generation of Empirical Cyberattack Models with Engineered Alert Features. MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM). :1–6.
.
2019. Due to the increased diversity and complexity of cyberattacks, innovative and effective analytics are needed in order to identify critical cyber incidents on a corporate network even if no ground truth data is available. This paper develops an automated system which processes a set of intrusion alerts to create behavior aggregates and then classifies these aggregates into empirical attack models through a dynamic Bayesian approach with innovative feature engineering methods. Each attack model represents a unique collective attack behavior that helps to identify critical activities on the network. Using 2017 National Collegiate Penetration Testing Competition data, it is demonstrated that the developed system is capable of generating and refining unique attack models that make sense to human, without a priori knowledge.