Exploiting the Outcome of Outlier Detection for Novel Attack Pattern Recognition on Streaming Data

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F49777513%3A23520%2F21%3A43962454" target="_blank" >RIV/49777513:23520/21:43962454 - isvavai.cz</a>

Výsledek na webu

<a href="https://doi.org/10.3390/electronics10172160" target="_blank" >https://doi.org/10.3390/electronics10172160</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.3390/electronics10172160" target="_blank" >10.3390/electronics10172160</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Exploiting the Outcome of Outlier Detection for Novel Attack Pattern Recognition on Streaming Data

Popis výsledku v původním jazyce

A framework called Streaming Outlier Analysis and Attack Pattern Recognition, denoted as SOAAPR, is being introduced that, in contrast to the state-of-the-art, is able to process the output of various online unsupervised outlier detection methods in a streaming fashion to extract information about novel attack patterns. Three different privacy-preserving, fingerprint-like signatures are computed from the clustered set of correlated alerts by SOAAPR, which characterize and represent the potential attack scenarios with respect to their communication relations, their manifestation in the data’s features and their temporal behavior. The evaluation on two popular data sets shows that SOAAPR can compete with an offline competitor in terms of alert correlation and outperforms it significantly in terms of processing time. Moreover, in most cases all three types of signatures seem to reliably characterize attack scenarios to the effect that similar ones are grouped together.

Název v anglickém jazyce

Exploiting the Outcome of Outlier Detection for Novel Attack Pattern Recognition on Streaming Data

Popis výsledku anglicky

A framework called Streaming Outlier Analysis and Attack Pattern Recognition, denoted as SOAAPR, is being introduced that, in contrast to the state-of-the-art, is able to process the output of various online unsupervised outlier detection methods in a streaming fashion to extract information about novel attack patterns. Three different privacy-preserving, fingerprint-like signatures are computed from the clustered set of correlated alerts by SOAAPR, which characterize and represent the potential attack scenarios with respect to their communication relations, their manifestation in the data’s features and their temporal behavior. The evaluation on two popular data sets shows that SOAAPR can compete with an offline competitor in terms of alert correlation and outperforms it significantly in terms of processing time. Moreover, in most cases all three types of signatures seem to reliably characterize attack scenarios to the effect that similar ones are grouped together.

Druh

J_imp - Článek v periodiku v databázi Web of Science

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/LO1506" target="_blank" >LO1506: Podpora udržitelnosti centra NTIS - Nové technologie pro informační společnost</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2021

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

Electronics

ISSN

2079-9292

e-ISSN

—

Svazek periodika

10

Číslo periodika v rámci svazku

17

Stát vydavatele periodika

CH - Švýcarská konfederace

Počet stran výsledku

42

Strana od-do

1-42

Kód UT WoS článku

000694149100001

EID výsledku v databázi Scopus

2-s2.0-85114342418