Paper Info
Title
Attack2vec: Leveraging Temporal Word Embeddings To Understand The Evolution Of Cyberattacks
Abstract
Despite the fact that cyberattacks are constantly growing in complexity, the research community still lacks effective tools to easily monitor and understand them. In particular, there is a need for techniques that are able to not only track how prominently certain malicious actions, such as the exploitation of specific vulnerabilities, are exploited in the wild, but also (and more importantly) how these malicious actions factor in as attack steps in more complex cyberattacks. In this paper we present ATTACK2VEC, a system that uses temporal word embeddings to model how attack steps are exploited in the wild, and track how they evolve. We test ATTACK2VEC on a dataset of billions of security events collected from the customers of a commercial Intrusion Prevention System over a period of two years, and show that our approach is effective in monitoring the emergence of new attack strategies in the wild and in flagging which attack steps are often used together by attackers (e.g., vulnerabilities that are frequently exploited together). ATTACK2VEC provides a useful tool for researchers and practitioners to better understand cyberattacks and their evolution, and use this knowledge to improve situational awareness and develop proactive defenses.
Year
Venue
Field
2019
PROCEEDINGS OF THE 28TH USENIX SECURITY SYMPOSIUM
Computer science,Computer security,Situation awareness,Flagging,Intrusion prevention system,Vulnerability
DocType
Volume
ISSN
Journal
abs/1905.12590
2019 USENIX Security Symposium
Citations 
PageRank 
References 
0
0.34
0
Authors
2
Name
Order
Citations
PageRank
Yun Shen118518.88
Gianluca Stringhini270161.87