Identifying phases of a multistage attack via clustering
College
College of Computer Studies
Department/Unit
Computer Technology
Document Type
Archival Material/Manuscript
Publication Date
2011
Abstract
Large-scale multistage attacks targeting organizations and nation states have become apparent in the last five years. To mitigate this threat, it is necessary to determine whether or not such attacks are actually taking place, and to do so it is necessary to identify the different phases that lead to this type of activity. Clustering algorithms have been used in previous studies to identify emerging threats to computer networks and to correlate results from multiple sources as a means of alleviating the burden of manually analyzing data. As such, clustering algorithms such as K-Means lend themselves well to grouping different network behaviors in order to identify whether or not an attack is taking place. It is, however, crucial to choose the appropriate algorithm for this task. The K-Means algorithm, given its characteristics and its performance, has proven to be an effective tool for identifying the different stages of a multistage attack from data obtained from a live honeynet. The labeled data set produced may be used for classification or forecasting in later studies.
Recommended Citation
Gomez, M. N. (2011). Identifying phases of a multistage attack via clustering. Retrieved from https://animorepository.dlsu.edu.ph/faculty_research/6484
Disciplines
Information Security
Keywords
Computer algorithms; Computer security; Intrusion detection systems (Computer security)
Note
Publication/creation date supplied