Exploiting the Outcome of Outlier Detection for Novel Attack Pattern Recognition on Streaming Data
Result identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F49777513%3A23520%2F21%3A43962454" target="_blank" >RIV/49777513:23520/21:43962454 - isvavai.cz</a>
Result on the web
<a href="https://doi.org/10.3390/electronics10172160" target="_blank" >https://doi.org/10.3390/electronics10172160</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.3390/electronics10172160" target="_blank" >10.3390/electronics10172160</a>
Alternative languages
Result language
English
Title in original language
Exploiting the Outcome of Outlier Detection for Novel Attack Pattern Recognition on Streaming Data
Result description in original language
A framework called Streaming Outlier Analysis and Attack Pattern Recognition (SOAAPR) is introduced that, in contrast to the state of the art, processes the output of various online unsupervised outlier detection methods in a streaming fashion to extract information about novel attack patterns. From the clustered set of correlated alerts, SOAAPR computes three different privacy-preserving, fingerprint-like signatures that characterize the potential attack scenarios with respect to their communication relations, their manifestation in the data's features and their temporal behavior. The evaluation on two popular data sets shows that SOAAPR can compete with an offline competitor in terms of alert correlation and outperforms it significantly in terms of processing time. Moreover, in most cases all three types of signatures reliably characterize attack scenarios, so that similar scenarios are grouped together.
Title in English
Exploiting the Outcome of Outlier Detection for Novel Attack Pattern Recognition on Streaming Data
Result description in English
A framework called Streaming Outlier Analysis and Attack Pattern Recognition (SOAAPR) is introduced that, in contrast to the state of the art, processes the output of various online unsupervised outlier detection methods in a streaming fashion to extract information about novel attack patterns. From the clustered set of correlated alerts, SOAAPR computes three different privacy-preserving, fingerprint-like signatures that characterize the potential attack scenarios with respect to their communication relations, their manifestation in the data's features and their temporal behavior. The evaluation on two popular data sets shows that SOAAPR can compete with an offline competitor in terms of alert correlation and outperforms it significantly in terms of processing time. Moreover, in most cases all three types of signatures reliably characterize attack scenarios, so that similar scenarios are grouped together.
Classification
Type
J<sub>imp</sub> - Article in a journal indexed in the Web of Science database
CEP field
—
OECD FORD field
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result linkages
Project
<a href="/cs/project/LO1506" target="_blank" >LO1506: Sustainability support for the NTIS centre - New Technologies for the Information Society</a><br>
Linkages
P - Research and development project financed from public sources (with a link to CEP)<br>I - Institutional support for the long-term conceptual development of a research organisation
Other
Year of application
2021
Data confidentiality code
S - Complete and truthful data about the project are not subject to protection under special legal regulations
Data specific to the result type
Journal name
Electronics
ISSN
2079-9292
e-ISSN
—
Journal volume
10
Issue number within the volume
17
Country of the journal publisher
CH - Swiss Confederation
Number of pages
42
Pages from-to
1-42
WoS UT code of the article
000694149100001
Result EID in the Scopus database
2-s2.0-85114342418