Systematic Review and Quantitative Comparison of Cyberattack Scenario Detection and Projection

Authors: Ivan Kovačević, Stjepan Groš, Karlo Slovenec

DOI: 10.3390/ELECTRONICS9101722

Keywords:

Abstract: Intrusion Detection Systems (IDSs) automatically analyze event logs and network traffic in order to detect malicious activity and policy violations. Because IDSs produce a large number of false positives and false negatives, and because the technical nature of their alerts requires a lot of manual analysis, researchers have proposed approaches that automate the analysis of large-scale attacks and predict the attacker's next steps. Unfortunately, many such approaches use unique datasets and success metrics, making comparison difficult. This survey provides an overview of the state of the art in detecting and projecting cyberattack scenarios, with a focus on evaluation and the corresponding metrics. Representative papers are collected using Google Scholar and Scopus searches. Mutually comparable metrics are calculated and several comparison tables are provided. Our results show that the commonly used metrics are saturated on the popular datasets and cannot assess the practical usability of the approaches. In addition, approaches based on knowledge bases require constant maintenance, while data mining and ML approaches depend on the quality of the available datasets, which, at the time of writing, are not representative enough to provide general knowledge regarding attack scenarios, so more emphasis needs to be placed on researching the behavior of attackers.
