Authors: Ahmet Okutan, Shanchieh Jay Yang
Affiliation: [1] Computer Engineering, Rochester Institute of Technology, Rochester, NY, USA
Source: Cybersecurity (网络空间安全科学与技术, English-language journal), 2019, Issue 1, pp. 253-270, 18 pages in total
Funding: This research is supported by NSF Award #1526383.
Abstract: The sophistication of cyberattacks penetrating into enterprise networks has called for predictive defense beyond intrusion detection, where different attack strategies can be analyzed and used to anticipate next malicious actions, especially the unusual ones. Unfortunately, traditional predictive analytics or machine learning techniques that require training data of known attack strategies are not practical, given the scarcity of representative data and the evolving nature of cyberattacks. This paper describes the design and evaluation of a novel automated system, ASSERT, which continuously synthesizes and separates cyberattack behavior models to enable better prediction of future actions. It takes streaming malicious event evidences as inputs, abstracts them to edge-based behavior aggregates, and associates the edges to attack models, where each represents a unique and collective attack behavior. It follows a dynamic Bayesian-based model generation approach to determine when a new attack behavior is present, and creates new attack models by maximizing a cluster validity index. ASSERT generates empirical attack models by separating evidences and uses the generated models to predict unseen future incidents. It continuously evaluates the quality of the model separation and triggers a re-clustering process when needed. Through the use of 2017 National Collegiate Penetration Testing Competition data, this work demonstrates the effectiveness of ASSERT in terms of the quality of the generated empirical models and the predictability of future actions using the models.
Keywords: Cyber security; Dynamic Bayesian classifier; Clustering; KL divergence