Name
Abstract | ||
|---|---|---|
Cyber attacks from the Internet often span over multiple ports and multiple hosts. This work hypothesizes that there are distinct sequential patterns revealing hacking behavior. A feature called Attack Transition Action (ATA) is defined to represent the changes on attacked destinations and ports over time. The simplicity of the feature enables the development of a probabilistic model, revealing higher order transitions hidden within the attack sequences. The model trained with a real-world attack dataset uncovers several natural clusters of Internet attack behaviors. The discovered behavior patterns are explained with representative hacking strategies. Our systematic modeling and analysis provides an effective means to characterize classes of Internet attacks. |
Year | DOI | Venue |
|---|---|---|
2011 | 10.1109/ICCCN.2011.6006017 | ICCCN |
Keywords | Field | DocType |
attack sequences,natural clusters,attack transition action,computer crime,cyber attacks,computer network security,internet,hacking strategy,probability,probabilistic model,higher order,markov process,markov processes | Port (computer networking),Markov process,Computer security,Computer science,Network security,Computer network,Hacker,Statistical model,Transition (action),The Internet | Conference |
ISSN | ISBN | Citations |
1095-2055 | 978-1-4577-0637-0 | 4 |
PageRank | References | Authors |
0.52 | 13 | 2 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Haitao Du | 1 | 55 | 6.88 |
| Shanchieh Jay Yang | 2 | 131 | 23.11 |