Identifying phases of a multistage attack via clustering

College

College of Computer Studies

Department/Unit

Computer Technology

Document Type

Archival Material/Manuscript

Publication Date

2011

Abstract

Large-scale multistage attacks against organizations and nation states have become apparent in the last five years. Mitigating this threat first requires determining whether such an attack is actually taking place, and that in turn requires identifying the distinct phases that make it up. Clustering algorithms have been used in previous studies to identify emerging threats to computer networks and to correlate results from multiple sources, reducing the burden of analyzing the data manually. Algorithms such as K-Means therefore lend themselves well to grouping different kinds of network behavior in order to decide whether an attack is under way; choosing an algorithm suited to the task is nonetheless crucial. Given its characteristics and performance, K-Means proved to be an effective tool for identifying the stages of a multistage attack in data obtained from a live honeynet. The labeled data set produced may be used for classification or forecasting in later studies.
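The abstract describes the method only at a high level. The following Python block is an added worked example written for this page, not code from the manuscript: it runs K-Means (Lloyd's algorithm with k-means++ seeding and several restarts, keeping the lowest-inertia run) over constructed per-source honeynet-style traffic summaries, scales the features first so that the byte-count column does not dominate the Euclidean distance, and reports per-cluster feature means so an analyst can name each cluster as a phase. The feature set, the sample records, and the three behaviour groups they are drawn from are assumptions for illustration; the study's own features and phase labels are not given on this page.

```python
import random

# Constructed sample: one record per (source host, time window), the kind of
# per-source aggregate a honeynet sensor could emit. Feature set and values are
# assumptions for this example, not the study's data.
FEATURE_NAMES = ("dst_ports", "dst_hosts", "packets", "bytes")
SAMPLE_WINDOWS = [
    # many ports and hosts, small payloads (sweep-like behaviour)
    ("198.51.100.7", (980, 40, 1100, 66000)),
    ("198.51.100.7", (1010, 45, 1200, 72000)),
    ("198.51.100.9", (950, 38, 1000, 60000)),
    ("198.51.100.9", (1200, 52, 1350, 81000)),
    # one port, one host, many short sessions (credential-guessing-like)
    ("203.0.113.4", (1, 1, 400, 52000)),
    ("203.0.113.4", (1, 1, 450, 58500)),
    ("203.0.113.8", (1, 1, 380, 49400)),
    ("203.0.113.8", (1, 1, 520, 67600)),
    # one port, one host, very large byte volume (bulk-transfer-like)
    ("192.0.2.21", (1, 1, 9000, 12000000)),
    ("192.0.2.21", (1, 1, 9500, 12800000)),
    ("192.0.2.30", (1, 1, 8700, 11500000)),
    ("192.0.2.30", (1, 1, 9800, 13400000)),
]


def min_max_scale(rows):
    """Scale every feature to [0, 1]. Without this the bytes column would
    swamp the distance and K-Means would effectively cluster on one feature."""
    cols = list(zip(*rows))
    lows = [min(c) for c in cols]
    spans = [(max(c) - lo) or 1.0 for c, lo in zip(cols, lows)]
    return [tuple((v - lo) / sp for v, lo, sp in zip(r, lows, spans)) for r in rows]


def _sq_dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def _seed_centroids(points, k, rng):
    """k-means++ seeding: each further centroid is drawn with probability
    proportional to its squared distance from the nearest centroid so far."""
    centroids = [rng.choice(points)]
    while len(centroids) < k:
        d2 = [min(_sq_dist(p, c) for c in centroids) for p in points]
        total = sum(d2)
        if total == 0.0:  # every point already coincides with a centroid
            centroids.append(rng.choice(points))
            continue
        r, acc, chosen = rng.random() * total, 0.0, points[-1]
        for p, w in zip(points, d2):
            acc += w
            if acc >= r:
                chosen = p
                break
        centroids.append(chosen)
    return centroids


def kmeans(points, k, rng, max_iter=100):
    """Lloyd's algorithm on already-scaled points. Returns (labels, centroids, inertia)."""
    centroids = _seed_centroids(points, k, rng)
    labels = None
    for _ in range(max_iter):
        new_labels = [min(range(k), key=lambda j: _sq_dist(p, centroids[j])) for p in points]
        if new_labels == labels:  # assignments stable: converged
            break
        labels = new_labels
        for j in range(k):
            members = [p for p, lab in zip(points, labels) if lab == j]
            if members:  # an emptied cluster keeps its previous centroid
                centroids[j] = tuple(sum(col) / len(members) for col in zip(*members))
    inertia = sum(_sq_dist(p, centroids[lab]) for p, lab in zip(points, labels))
    return labels, centroids, inertia


def cluster_windows(windows, k, seed=0, restarts=10):
    """Group per-source windows into k behaviour clusters. K-Means only finds a
    local optimum, so several seeded restarts are run and the lowest-inertia
    result is kept. Cluster means are reported in the original units so the
    analyst can name each cluster as an attack phase (the labeled data set)."""
    rng = random.Random(seed)
    raw = [feats for _, feats in windows]
    points = min_max_scale(raw)
    labels, _, inertia = min((kmeans(points, k, rng) for _ in range(restarts)), key=lambda r: r[2])
    means = {}
    for j in range(k):
        members = [r for r, lab in zip(raw, labels) if lab == j]
        means[j] = {n: sum(col) / len(members) for n, col in zip(FEATURE_NAMES, zip(*members))} if members else {}
    return {"labels": labels, "inertia": inertia, "cluster_means": means}


def inertia_by_k(windows, ks=range(1, 6), seed=0):
    """Total within-cluster distance for several k. The 'elbow' where it stops
    dropping sharply is a common, if rough, guide to choosing k."""
    return {k: cluster_windows(windows, k, seed)["inertia"] for k in ks}


if __name__ == "__main__":
    result = cluster_windows(SAMPLE_WINDOWS, k=3)
    for (src, _), label in zip(SAMPLE_WINDOWS, result["labels"]):
        print(f"{src:14s} -> cluster {label}")
    for j, means in result["cluster_means"].items():
        print(j, {n: round(v) for n, v in means.items()})
    print({k: round(v, 3) for k, v in inertia_by_k(SAMPLE_WINDOWS).items()})
```

Two caveats the abstract's claim depends on are visible here: the result is only as good as the features chosen and their scaling, and K-Means needs k fixed in advance, so the number of "phases" it reports is partly a modelling decision checked with something like the inertia-versus-k curve rather than a property discovered from the data.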

Disciplines

Information Security

Note

Publication/creation date supplied

Keywords

Computer algorithms; Computer security; Intrusion detection systems (Computer security)
