Publication details

Predictions of Network Attacks in Collaborative Environment

Investor logo
Authors

HUSÁK Martin ČELEDA Pavel

Year of publication 2020
Type Article in Proceedings
Conference NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium
MU Faculty or unit

Institute of Computer Science

Citation
Web https://ieeexplore.ieee.org/document/9110472
Doi http://dx.doi.org/10.1109/NOMS47738.2020.9110472
Keywords intrusion detection;alert correlation;information sharing;collaboration;prediction;situational awareness
Attached files
Description This paper is a digest of the thesis on predicting cyber attacks in a collaborative environment. While previous works mostly focused on predicting attacks as seen from a single observation point, we proposed taking advantage of collaboration and exchange of intrusion detection alerts among organizations and networks. Thus, we can observe the cyber attack on a large scale and predict the next action of an adversary and its target. The thesis follows the three levels of cyber situational awareness: perception, comprehension, and projection. In the perception phase, we discuss the improvements of intrusion detection systems that allow for sharing intrusion detection alerts and their correlation. In the comprehension phase, we employed data mining to discover frequent attack patterns. In the projection phase, we present the analytical framework for the predictive analysis of the alerts backed by data mining and contemporary data processing approaches. The results are shown from experimental evaluation in the security alert sharing platform SABU, where real-world alerts from Czech academic and commercial networks are shared. The thesis is accompanied by the implementation of the analytical framework and a dataset that provides a baseline for future work.
Related projects:

You are running an old browser version. We recommend updating your browser to its latest version.

More info