HeATed Alert Triage (HeAT): Transferrable Learning to Extract Multistage Attack Campaigns

12/28/2022
by Stephen Moskal, et al.

With the growing sophistication and volume of cyber attacks, combined with complex network structures, it is becoming extremely difficult for security analysts to corroborate evidence and identify multistage campaigns on their network. This work develops HeAT (Heated Alert Triage): given a critical indicator of compromise (IoC), e.g., a severe IDS alert, HeAT produces a HeATed Attack Campaign (HAC) depicting the multistage activities that led up to the critical event. We define the concept of "Alert Episode Heat" to represent the analyst's opinion of how much an event contributes to the attack campaign of the critical IoC, given their knowledge of the network and their security expertise. Leveraging a network-agnostic feature set, HeAT learns the essence of the analyst's assessment of "HeAT" for a small set of IoCs and applies the learned model to extract insightful attack campaigns for IoCs not seen before, even across networks, by transferring what has been learned. We demonstrate the capabilities of HeAT with data collected in the Collegiate Penetration Testing Competition (CPTC) and through collaboration with a real-world SOC. We developed HeAT-Gain metrics to demonstrate how analysts may assess and benefit from the extracted attack campaigns in comparison to the common practice of using IP addresses to corroborate evidence. Our results demonstrate the practical uses of HeAT: it finds campaigns that span diverse attack stages, removes a significant volume of irrelevant alerts, and achieves coherency with the analyst's original assessments.

