Dataset Selection for Attacker Group Identification Methods

Intrusion detection systems are an important tool for network security. Their efficiency can be improved by implementing Alert Correlation Systems. Such systems are aimed at identifying relationships between alerts themselves and between alert and properties of protected systems. One of the tasks of...

Descripción completa

Guardado en:
Detalles Bibliográficos
Autores principales: Artem Pavlov, Natalia Voloshina
Formato: article
Lenguaje:EN
Publicado: FRUCT 2021
Materias:
Acceso en línea:https://doaj.org/article/ecbfc5fbf98841669fd1e19471a22407
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
id oai:doaj.org-article:ecbfc5fbf98841669fd1e19471a22407
record_format dspace
spelling oai:doaj.org-article:ecbfc5fbf98841669fd1e19471a224072021-11-20T15:59:33ZDataset Selection for Attacker Group Identification Methods2305-72542343-073710.23919/FRUCT53335.2021.9599966https://doaj.org/article/ecbfc5fbf98841669fd1e19471a224072021-10-01T00:00:00Zhttps://www.fruct.org/publications/fruct30/files/Pav.pdfhttps://doaj.org/toc/2305-7254https://doaj.org/toc/2343-0737Intrusion detection systems are an important tool for network security. Their efficiency can be improved by implementing Alert Correlation Systems. Such systems are aimed at identifying relationships between alerts themselves and between alert and properties of protected systems. One of the tasks of alert correlation systems is to identify groups of attackers, its solution allows to improve the accuracy of determining the threat level of malicious actors, which helps in choosing response measures, and to determine patterns of similarity between attacks, which helps in forensic investigation. To date, there is no universal dataset suitable for testing the effectiveness of any method related to intrusion detection systems, and the most appropriate dataset for the task of attacker group identification has not been selected. The paper considers the existing approaches to the formation of requirements for datasets for use in intrusion detection tasks, analyzes modern datasets. A list of requirements for datasets is formed for their use in testing methods for identifying groups of attackers based on the specifics of the task. Weights are determined for the requirements, and a usability rating is determined for the modern datasets. An alternative data source is proposed to meet requirements that are poorly addressed by the current datasets.Artem PavlovNatalia VoloshinaFRUCTarticlecybersecurityalert correlationintrusion detectionattacker groupsdatasetsthreat intelligenceTelecommunicationTK5101-6720ENProceedings of the XXth Conference of Open Innovations Association FRUCT, Vol 30, Iss 1, Pp 171-176 (2021)
institution DOAJ
collection DOAJ
language EN
topic cybersecurity
alert correlation
intrusion detection
attacker groups
datasets
threat intelligence
Telecommunication
TK5101-6720
spellingShingle cybersecurity
alert correlation
intrusion detection
attacker groups
datasets
threat intelligence
Telecommunication
TK5101-6720
Artem Pavlov
Natalia Voloshina
Dataset Selection for Attacker Group Identification Methods
description Intrusion detection systems are an important tool for network security. Their efficiency can be improved by implementing Alert Correlation Systems. Such systems are aimed at identifying relationships between alerts themselves and between alert and properties of protected systems. One of the tasks of alert correlation systems is to identify groups of attackers, its solution allows to improve the accuracy of determining the threat level of malicious actors, which helps in choosing response measures, and to determine patterns of similarity between attacks, which helps in forensic investigation. To date, there is no universal dataset suitable for testing the effectiveness of any method related to intrusion detection systems, and the most appropriate dataset for the task of attacker group identification has not been selected. The paper considers the existing approaches to the formation of requirements for datasets for use in intrusion detection tasks, analyzes modern datasets. A list of requirements for datasets is formed for their use in testing methods for identifying groups of attackers based on the specifics of the task. Weights are determined for the requirements, and a usability rating is determined for the modern datasets. An alternative data source is proposed to meet requirements that are poorly addressed by the current datasets.
format article
author Artem Pavlov
Natalia Voloshina
author_facet Artem Pavlov
Natalia Voloshina
author_sort Artem Pavlov
title Dataset Selection for Attacker Group Identification Methods
title_short Dataset Selection for Attacker Group Identification Methods
title_full Dataset Selection for Attacker Group Identification Methods
title_fullStr Dataset Selection for Attacker Group Identification Methods
title_full_unstemmed Dataset Selection for Attacker Group Identification Methods
title_sort dataset selection for attacker group identification methods
publisher FRUCT
publishDate 2021
url https://doaj.org/article/ecbfc5fbf98841669fd1e19471a22407
work_keys_str_mv AT artempavlov datasetselectionforattackergroupidentificationmethods
AT nataliavoloshina datasetselectionforattackergroupidentificationmethods
_version_ 1718419457806696448