Title
MMSP: A LSTM Based Framework for Multi-Step Attack Prediction in Mixed Scenarios
Abstract
A multi-step attack scenario consisting of more than one attack step is difficult to predict because of various attack steps and complex combinations. The multi-step attack scenarios occurring simultaneously construct a mixed attack scenario, which is more common than a single attack scenario in practical systems. However, most of the existing multi-step attack prediction approaches only focus on a single attack scenario. In this paper, a framework MMSP is proposed for multi-step attack prediction in mixed scenarios. MMSP fractionates alerts by separating them into different scenarios and removing redundant samples. The attack scenarios fingerprint database of MMSP is built by modeling the attack steps regarding different scenarios based on the long short-term memory (LSTM) model. Each scenario corresponds to an LSTM model. A scenario matching method is also proposed to find potential attack scenarios hiding in the real-time alerts from the database. Finally, MMSP feeds fractionated alerts into the matched scenarios' LSTM models to predict attack steps. Extensive evaluations based on real-world datasets show that MMSP outperforms the state-of-the-art attack step prediction model in both single and mixed scenarios. MMSP achieves a 14.3%-38.1% improvement in accuracy for attack step prediction in the single scenario. In particular, MMSP can maintain a high level of accuracy in mixed attack scenarios.
Year: 2022
DOI: 10.1109/ISCC55528.2022.9912978
Venue: 2022 IEEE Symposium on Computers and Communications (ISCC)
Keywords: Mixed multi-step attack, Attack step prediction, Community detection, Alert reduction, Attack scenario matching
DocType: Conference
ISSN: 1530-1346
ISBN: 978-1-6654-9793-0
Citations: 0
PageRank: 0.34
References: 16
Authors: 5
Name            Order   Citations   PageRank
Zijun Cheng     1       0           0.34
Degang Sun      2       0           1.69
Leiqi Wang      3       0           0.34
Qiujian Lv      4       0           0.34
Yan Wang        5       168         28.11