Predictions of Network Attacks in Collaborative Environment
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F20%3A00115348" target="_blank" >RIV/00216224:14610/20:00115348 - isvavai.cz</a>
Result on the web
<a href="http://dx.doi.org/10.1109/NOMS47738.2020.9110261" target="_blank" >http://dx.doi.org/10.1109/NOMS47738.2020.9110261</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1109/NOMS47738.2020.9110261" target="_blank" >10.1109/NOMS47738.2020.9110261</a>
Alternative languages
Result language
angličtina
Original language name
Predictions of Network Attacks in Collaborative Environment
Original language description
This paper is a digest of the thesis on predicting cyber attacks in a collaborative environment. While previous works mostly focused on predicting attacks as seen from a single observation point, we proposed taking advantage of collaboration and exchange of intrusion detection alerts among organizations and networks. Thus, we can observe the cyber attack on a large scale and predict the next action of an adversary and its target. The thesis follows the three levels of cyber situational awareness: perception, comprehension, and projection. In the perception phase, we discuss the improvements of intrusion detection systems that allow for sharing intrusion detection alerts and their correlation. In the comprehension phase, we employed data mining to discover frequent attack patterns. In the projection phase, we present the analytical framework for the predictive analysis of the alerts backed by data mining and contemporary data processing approaches. The results are shown from experimental evaluation in the security alert sharing platform SABU, where real-world alerts from Czech academic and commercial networks are shared. The thesis is accompanied by the implementation of the analytical framework and a dataset that provides a baseline for future work.
Czech name
—
Czech description
—
Classification
Type
D - Article in proceedings
CEP classification
—
OECD FORD branch
10200 - Computer and information sciences
Result continuities
Project
<a href="/en/project/EF16_019%2F0000822" target="_blank" >EF16_019/0000822: CyberSecurity, CyberCrime and Critical Information Infrastructures Center of Excellence</a><br>
Continuities
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)
Others
Publication year
2020
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Article name in the collection
NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium
ISBN
9781728149738
ISSN
—
e-ISSN
—
Number of pages
6
Pages from-to
1-6
Publisher name
IEEE
Place of publication
Budapest, Hungary
Event location
Budapest
Event date
Apr 20, 2020
Type of event by nationality
WRD - Celosvětová akce
UT code for WoS article
—