Dataset Selection for Attacker Group Identification Methods

Intrusion detection systems are an important tool for network security. Their efficiency can be improved by implementing Alert Correlation Systems. Such systems are aimed at identifying relationships between alerts themselves and between alerts and properties of protected systems. One of the tasks of alert correlation systems is to identify groups of attackers; solving it allows improving the accuracy of determining the threat level of malicious actors, which helps in choosing response measures, and determining patterns of similarity between attacks, which helps in forensic investigation. To date, there is no universal dataset suitable for testing the effectiveness of any method related to intrusion detection systems, and the most appropriate dataset for the task of attacker group identification has not been selected. The paper considers the existing approaches to the formation of requirements for datasets for use in intrusion detection tasks and analyzes modern datasets. A list of requirements for datasets is formed for their use in testing methods for identifying groups of attackers based on the specifics of the task. Weights are determined for the requirements, and a usability rating is determined for the modern datasets. An alternative data source is proposed to meet requirements that are poorly addressed by the current datasets.

| Field | Value |
|---|---|
| Main Authors | Artem Pavlov, Natalia Voloshina |
| Format | article |
| Language | EN |
| Published | FRUCT, 2021 |
| Source | Proceedings of the XXth Conference of Open Innovations Association FRUCT, Vol 30, Iss 1, Pp 171-176 (2021) |
| Subjects | cybersecurity; alert correlation; intrusion detection; attacker groups; datasets; threat intelligence; Telecommunication; TK5101-6720 |
| DOI | 10.23919/FRUCT53335.2021.9599966 |
| ISSN | 2305-7254, 2343-0737 |
| Online Access | https://doaj.org/article/ecbfc5fbf98841669fd1e19471a22407 |
| Full text | https://www.fruct.org/publications/fruct30/files/Pav.pdf |

Record details

| Field | Value |
|---|---|
| id | oai:doaj.org-article:ecbfc5fbf98841669fd1e19471a22407 |
| record_format | dspace |
| date_indexed | 2021-11-20T15:59:33Z |
| date_published | 2021-10-01T00:00:00Z |
| journal_toc | https://doaj.org/toc/2305-7254; https://doaj.org/toc/2343-0737 |
| institution | DOAJ |
| collection | DOAJ |
| language | EN |
| topic | cybersecurity; alert correlation; intrusion detection; attacker groups; datasets; threat intelligence; Telecommunication; TK5101-6720 |
| spellingShingle | cybersecurity; alert correlation; intrusion detection; attacker groups; datasets; threat intelligence; Telecommunication; TK5101-6720; Artem Pavlov; Natalia Voloshina; Dataset Selection for Attacker Group Identification Methods |
| format | article |
| author | Artem Pavlov; Natalia Voloshina |
| author_facet | Artem Pavlov; Natalia Voloshina |
| author_sort | Artem Pavlov |
| title | Dataset Selection for Attacker Group Identification Methods |
| title_short | Dataset Selection for Attacker Group Identification Methods |
| title_full | Dataset Selection for Attacker Group Identification Methods |
| title_fullStr | Dataset Selection for Attacker Group Identification Methods |
| title_full_unstemmed | Dataset Selection for Attacker Group Identification Methods |
| title_sort | dataset selection for attacker group identification methods |
| publisher | FRUCT |
| publishDate | 2021 |
| url | https://doaj.org/article/ecbfc5fbf98841669fd1e19471a22407 |
| work_keys_str_mv | AT artempavlov datasetselectionforattackergroupidentificationmethods; AT nataliavoloshina datasetselectionforattackergroupidentificationmethods |
| _version_ | 1718419457806696448 |