Towards Predicting Cyber Attacks Using Information Exchange and Data Mining

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F18%3A00106887" target="_blank" >RIV/00216224:14610/18:00106887 - isvavai.cz</a>

Výsledek na webu

<a href="https://ieeexplore.ieee.org/document/8450512/" target="_blank" >https://ieeexplore.ieee.org/document/8450512/</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/IWCMC.2018.8450512" target="_blank" >10.1109/IWCMC.2018.8450512</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Towards Predicting Cyber Attacks Using Information Exchange and Data Mining

Popis výsledku v původním jazyce

In this paper, we present an empirical evaluation of an approach to predict attacker's activities based on information exchange and data mining. We gathered the cyber security alerts shared within the SABU platform, in which around 220,000 alerts from heterogeneous geographically distributed sensors (intrusion detection systems and honeypots) are shared every day. Subsequently, we used the methods of sequential rule mining to identify common attack patterns and to derive rules for predicting attacks. As we illustrate in this paper, a collaborative environment allows attack prediction in multiple dimensions. First, we can predict what will the attacker do next and when. Second, we can predict where will the attack hit, e.g., when an attacker is targeting several networks at once. In a week-long experiment, we processed in total over 1 million alerts, from which we mined predictive rules every day. Our findings show that most of the rules display stable values of support and confidence and, thus, can be used to predict cyber attacks in consecutive days after mining without a need to actualize the rules every day.

Název v anglickém jazyce

Towards Predicting Cyber Attacks Using Information Exchange and Data Mining

Popis výsledku anglicky

In this paper, we present an empirical evaluation of an approach to predict attacker's activities based on information exchange and data mining. We gathered the cyber security alerts shared within the SABU platform, in which around 220,000 alerts from heterogeneous geographically distributed sensors (intrusion detection systems and honeypots) are shared every day. Subsequently, we used the methods of sequential rule mining to identify common attack patterns and to derive rules for predicting attacks. As we illustrate in this paper, a collaborative environment allows attack prediction in multiple dimensions. First, we can predict what will the attacker do next and when. Second, we can predict where will the attack hit, e.g., when an attacker is targeting several networks at once. In a week-long experiment, we processed in total over 1 million alerts, from which we mined predictive rules every day. Our findings show that most of the rules display stable values of support and confidence and, thus, can be used to predict cyber attacks in consecutive days after mining without a need to actualize the rules every day.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10200 - Computer and information sciences

Projekt

<a href="/cs/project/VI20162019029" target="_blank" >VI20162019029: Sdílení a analýza bezpečnostních událostí v ČR</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2018

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

2018 14th International Wireless Communications & Mobile Computing Conference (IWCMC)

ISBN

9781538620700

ISSN

2376-6492

e-ISSN

—

Počet stran výsledku

6

Strana od-do

536-541

Název nakladatele

IEEE

Místo vydání

Limassol

Místo konání akce

Limassol

Datum konání akce

25. 6. 2018

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000447259500091