Evaluation of Attackers’ Skill Levels in Multi-Stage Attacks
The rapid move to digitalization and usage of online information systems brings new and evolving threats that organizations must protect themselves from and respond to. Monitoring an organization’s network for malicious activity has become a standard practice together with event and log collection from network hosts. Security operation centers deal with a growing number of alerts raised by intrusion detection systems that process the collected data and monitor networks. The alerts must be processed so that the relevant stakeholders can make informed decisions when responding to situations. Correlation of alerts into more expressive intrusion scenarios is an important tool in reducing false-positive and noisy alerts. In this paper, we propose correlation rules for identifying multi-stage attacks. Another contribution of this paper is a methodology for inferring from an alert the values needed to evaluate the attack in terms of the attacker’s skill level. We present our results on the CSE-CIC-IDS2018 data set.
Main Authors: | Terézia Mézešová, Pavol Sokol, Tomáš Bajtoš |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG, 2020-11-01 |
Series: | Information |
Subjects: | alert correlation; attack evaluation; attacker skill level |
Online Access: | https://www.mdpi.com/2078-2489/11/11/537 |
author | Terézia Mézešová; Pavol Sokol; Tomáš Bajtoš
collection | DOAJ |
description | The rapid move to digitalization and usage of online information systems brings new and evolving threats that organizations must protect themselves from and respond to. Monitoring an organization’s network for malicious activity has become a standard practice together with event and log collection from network hosts. Security operation centers deal with a growing number of alerts raised by intrusion detection systems that process the collected data and monitor networks. The alerts must be processed so that the relevant stakeholders can make informed decisions when responding to situations. Correlation of alerts into more expressive intrusion scenarios is an important tool in reducing false-positive and noisy alerts. In this paper, we propose correlation rules for identifying multi-stage attacks. Another contribution of this paper is a methodology for inferring from an alert the values needed to evaluate the attack in terms of the attacker’s skill level. We present our results on the CSE-CIC-IDS2018 data set. |
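The abstract describes two steps: correlating individual IDS alerts into multi-stage intrusion scenarios to suppress noise, and extracting from the correlated alerts the values a skill-level evaluation needs. The following is an added illustration of that pipeline, not the paper's correlation rules or its evaluation methodology. The alert fields, the signature-to-stage mapping, the stage order in `PATTERN`, the one-hour window, the feature set returned by `scenario_features`, and the sample alerts are all assumptions constructed for the example; the alerts are not taken from CSE-CIC-IDS2018.

```python
# Added example (not from the paper): rule-based correlation of IDS alerts
# into multi-stage scenarios, plus per-scenario values for a later skill
# evaluation. Signatures, stages, pattern, window and sample data are assumed.
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    ts: datetime
    src: str
    dst: str
    signature: str


@dataclass
class Scenario:
    src: str
    stages: list = field(default_factory=list)  # stage names reached, in order
    alerts: list = field(default_factory=list)  # alerts that matched a stage


# Assumed signature -> stage mapping; signatures with no entry are noise.
STAGE_OF = {
    "SCAN tcp port sweep": "recon",
    "SCAN ssh version probe": "recon",
    "BRUTE ssh repeated login failures": "brute_force",
    "EXPLOIT web shell upload": "exploit",
    "C2 periodic beacon to external host": "c2",
}
# Assumed attack pattern: stages must occur in this order from one source.
PATTERN = ["recon", "brute_force", "exploit", "c2"]


def correlate(alerts, pattern=PATTERN, window=timedelta(hours=1), min_stages=2):
    """Group alerts by source, walk them in time order and advance along the
    pattern. A new stage must follow the previous matched alert within the
    window; repeats of the current stage (e.g. a brute-force burst) are
    absorbed; out-of-order stages are ignored. Scenarios that reach fewer
    than min_stages stages are dropped as noise."""
    by_src = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        stage = STAGE_OF.get(a.signature)
        if stage is not None:
            by_src[a.src].append((a, stage))
    scenarios = []
    for src, seq in by_src.items():
        sc, nxt, last_ts = Scenario(src), 0, None
        for a, stage in seq:
            if last_ts is not None and a.ts - last_ts > window:
                # Gap too large: close the current chain and start a new one.
                if len(sc.stages) >= min_stages:
                    scenarios.append(sc)
                sc, nxt, last_ts = Scenario(src), 0, None
            if nxt < len(pattern) and stage == pattern[nxt]:
                sc.stages.append(stage)
                sc.alerts.append(a)
                nxt += 1
                last_ts = a.ts
            elif sc.stages and stage == sc.stages[-1]:
                sc.alerts.append(a)  # repeat of the stage already reached
                last_ts = a.ts
        if len(sc.stages) >= min_stages:
            scenarios.append(sc)
    return scenarios


def scenario_features(sc):
    """Assumed per-scenario values that a skill evaluation could consume."""
    per_stage = defaultdict(int)
    for a in sc.alerts:
        per_stage[STAGE_OF[a.signature]] += 1
    duration = sc.alerts[-1].ts - sc.alerts[0].ts
    return {
        "src": sc.src,
        "stages_reached": len(sc.stages),
        "deepest_stage": sc.stages[-1],
        "duration_s": duration.total_seconds(),
        "alerts_per_stage": dict(per_stage),
    }


# Constructed sample alerts (not real IDS output).
T0 = datetime(2018, 2, 14, 9, 0)
SAMPLE_ALERTS = [
    Alert(T0, "10.0.0.5", "172.16.0.10", "SCAN tcp port sweep"),
    Alert(T0 + timedelta(minutes=2), "10.0.0.5", "172.16.0.10", "SCAN ssh version probe"),
    Alert(T0 + timedelta(minutes=10), "10.0.0.5", "172.16.0.10", "BRUTE ssh repeated login failures"),
    Alert(T0 + timedelta(minutes=11), "10.0.0.5", "172.16.0.10", "BRUTE ssh repeated login failures"),
    Alert(T0 + timedelta(minutes=12), "10.0.0.5", "172.16.0.10", "BRUTE ssh repeated login failures"),
    Alert(T0 + timedelta(minutes=30), "10.0.0.5", "172.16.0.10", "POLICY external DNS query"),  # noise
    Alert(T0 + timedelta(minutes=40), "10.0.0.5", "172.16.0.10", "EXPLOIT web shell upload"),
    Alert(T0 + timedelta(minutes=65), "10.0.0.5", "203.0.113.9", "C2 periodic beacon to external host"),
    Alert(T0 + timedelta(minutes=5), "10.0.0.9", "172.16.0.11", "SCAN tcp port sweep"),  # lone recon
    Alert(T0 + timedelta(hours=3), "10.0.0.9", "172.16.0.11", "BRUTE ssh repeated login failures"),  # outside window
]

if __name__ == "__main__":
    for sc in correlate(SAMPLE_ALERTS):
        print(scenario_features(sc))
```

With the sample data, the ten raw alerts collapse into a single four-stage scenario for 10.0.0.5; the policy alert is discarded as noise and the two alerts from 10.0.0.9 never form a chain because they fall outside the window. Strict ordering means an exploit seen without prior reconnaissance from the same source is not correlated; a production rule set would want additional patterns for that case.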
format | Article |
id | doaj.art-1f1bde886a13434dae307150f0c328de |
institution | Directory Open Access Journal |
issn | 2078-2489 |
language | English |
publishDate | 2020-11-01 |
publisher | MDPI AG |
series | Information |
affiliation | Faculty of Science, Pavol Jozef Šafárik University in Košice, 040 01 Košice, Slovakia (all three authors)
volume | 11
issue | 11
article | 537
doi | 10.3390/info11110537
title | Evaluation of Attackers’ Skill Levels in Multi-Stage Attacks |
topic | alert correlation; attack evaluation; attacker skill level
url | https://www.mdpi.com/2078-2489/11/11/537 |