Title
A Collaborative Tool For Modelling Multi-Stage Attacks
Abstract
Cyber-attacks that are conducted in multiple stages over short or long periods of time are becoming more common. One approach for detecting such attacks at an early stage is to make use of attack patterns and attack signatures to provide a structure for correlating events collected from various sensors in the network. In this paper, we present our ongoing work on a pattern recognition system that aims to support cyber-defence analysts in sharing their attack knowledge and threat intelligence in the form of attack patterns or scenarios that can later be used to discover potential security breaches in their network. Our main goal is to allow the analysts to associate the attack patterns with their own organisation's security data and thus benefit from the collective attack knowledge without revealing any confidential information. We present the architecture of the system and describe a typical process for modelling multi-stage attacks. We demonstrate how its analytics engine interprets an attack pattern, tasks the data source agents to fetch and correlate relevant security events, and reports the results back for visualisation and further investigation.
Year: 2017
DOI: 10.5220/0006137103120317
Venue: ICISSP: PROCEEDINGS OF THE 3RD INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS SECURITY AND PRIVACY
Keywords: Cyber Security, Attack Patterns, Pattern Recognition System, Knowledge Sharing
Field: Software engineering, Computer security, Computer science
DocType: Conference
Citations: 1
PageRank: 0.38
References: 0
Authors: 2
Name | Order | Citations | PageRank
Ian Herwono | 1 | 1 | 0.38
Fadi Ali El-Moussa | 2 | 1 | 0.72