Network entity characterization and attack prediction
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F19%3A10133136" target="_blank" >RIV/63839172:_____/19:10133136 - isvavai.cz</a>
Result on the web
<a href="https://www.sciencedirect.com/science/article/pii/S0167739X18307799" target="_blank" >https://www.sciencedirect.com/science/article/pii/S0167739X18307799</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1016/j.future.2019.03.016" target="_blank" >10.1016/j.future.2019.03.016</a>
Alternative languages
Result language
English
Original language name
Network entity characterization and attack prediction
Original language description
The devastating effects of cyber-attacks highlight the need for novel attack detection and prevention techniques. Over the last years, considerable work has been done in the areas of attack detection as well as in collaborative defense. However, an analysis of the state of the art suggests that many challenges exist in prioritizing alert data and in studying the relation between a recently discovered attack and the probability of it occurring again. In this article, we propose a system that is intended for characterizing network entities and the likelihood that they will behave maliciously in the future. Our system, namely Network Entity Reputation Database System (NERDS), takes into account all the available information regarding a network entity (e.g. IP address) to calculate the probability that it will act maliciously. The latter part is achieved via the utilization of machine learning. Our experimental results show that it is indeed possible to precisely estimate the probability of future attacks from each entity using information about its previous malicious behavior and other characteristics. Ranking the entities by this probability has practical applications in alert prioritization, assembly of highly effective blacklists of a limited length and other use cases.
Czech name
—
Czech description
—
Classification
Type
J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database
CEP classification
—
OECD FORD branch
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result continuities
Project
Result was created during the realization of more than one project. More information in the Projects tab.
Continuities
P - Research and development project financed from public funds (with a link to CEP)
Others
Publication year
2019
Confidentiality
S - Complete and true data on the project are not subject to protection under special legal regulations
Data specific for result type
Name of the periodical
Future Generation Computer Systems
ISSN
0167-739X
e-ISSN
—
Volume of the periodical
2019
Issue of the periodical within the volume
97
Country of publishing house
NL - THE KINGDOM OF THE NETHERLANDS
Number of pages
13
Pages from-to
674-686
UT code for WoS article
000469154500051
EID of the result in the Scopus database
2-s2.0-85063286903