Intrusion Detection using a Graphical Fingerprint Model

Title: Intrusion Detection using a Graphical Fingerprint Model
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Nie, Chenyang; Quinan, Paulo Gustavo; Traore, Issa; Woungang, Isaac
Conference Name: 2022 22nd IEEE International Symposium on Cluster, Cloud and Internet Computing (CCGrid)
Date Published: May
Keywords: Attack fingerprint, Databases, Fingerprint recognition, Force, graph database, Human Behavior, Intrusion detection, intrusion detection system, Metrics, Organizations, passwords, policy-based governance, privacy, pubcrawl, resilience, Resiliency, SQL Injection, SQL injection detection, subgraph matching
Abstract: The Activity and Event Network (AEN) graph is a new framework that allows modeling and detecting intrusions by capturing ongoing security-relevant activity and events occurring at a given organization using a large time-varying graph model. The graph is generated by processing various network security logs, such as network packets, system logs, and intrusion detection alerts. In this paper, we show how known attack methods can be captured generically using attack fingerprints based on the AEN graph. The fingerprints are constructed by identifying attack idiosyncrasies in the form of subgraphs that represent indicators of compromise (IOCs), and then encoded using Property Graph Query Language (PGQL) queries. Among the many attack types, three main categories are implemented as a proof of concept in this paper: scanning, denial of service (DoS), and authentication breaches; each category contains its common variations. The experimental evaluation of the fingerprints was carried out using a combination of intrusion detection datasets and yielded very encouraging results.
DOI: 10.1109/CCGrid54584.2022.00095
Citation Key: nie_intrusion_2022