DeepAI AI Chat
Log In Sign Up

Near Real-time Learning and Extraction of Attack Models from Intrusion Alerts

03/25/2021
by   Shanchieh Jay Yang, et al.
0

Critical and sophisticated cyberattacks often take multitudes of reconnaissance, exploitations, and obfuscation techniques to penetrate through well protected enterprise networks. The discovery and detection of attacks, though needing continuous efforts, is no longer sufficient. Security Operation Center (SOC) analysts are overwhelmed by the significant volume of intrusion alerts without being able to extract actionable intelligence. Recognizing this challenge, this paper describes the advances and findings through deploying ASSERT to process intrusion alerts from OmniSOC in collaboration with the Center for Applied Cybersecurity Research (CACR) at Indiana University. ASSERT utilizes information theoretic unsupervised learning to extract and update `attack models' in near real-time without expert knowledge. It consumes streaming intrusion alerts and generates a small number of statistical models for SOC analysts to comprehend ongoing and emerging attacks in a timely manner. This paper presents the architecture and key processes of ASSERT and discusses a few real-world attack models to highlight the use-cases that benefit SOC operations. The research team is developing a light-weight containerized ASSERT that will be shared through a public repository to help the community combat the overwhelming intrusion alerts.

READ FULL TEXT

page 3

page 4

page 6

12/02/2022

A Hybrid Deep Learning Anomaly Detection Framework for Intrusion Detection

Cyber intrusion attacks that compromise the users' critical and sensitiv...
07/06/2021

SAGE: Intrusion Alert-driven Attack Graph Extractor

Attack graphs (AG) are used to assess pathways availed by cyber adversar...
03/31/2021

Anomaly-Based Intrusion Detection by Machine Learning: A Case Study on Probing Attacks to an Institutional Network

Cyber attacks constitute a significant threat to organizations with impl...
10/08/2021

A Wireless Intrusion Detection System for 802.11 WPA3 Networks

Wi-Fi (802.11) networks have become an essential part of our daily lives...
05/09/2019

TRIDEnT: Building Decentralized Incentives for Collaborative Security

Sophisticated mass attacks, especially when exploiting zero-day vulnerab...
11/01/2020

Unsupervised Intrusion Detection System for Unmanned Aerial Vehicle with Less Labeling Effort

Along with the importance of safety, an IDS has become a significant tas...
12/28/2022

HeATed Alert Triage (HeAT): Transferrable Learning to Extract Multistage Attack Campaigns

With growing sophistication and volume of cyber attacks combined with co...