Evaluation of Attackers’ Skill Levels in Multi-Stage Attacks

Bibliographic Details
Main Authors: Terézia Mézešová, Pavol Sokol, Tomáš Bajtoš
Format: Article
Language: English
Published: MDPI AG 2020-11-01
Series: Information
ISSN: 2078-2489
DOI: 10.3390/info11110537
Affiliation: Faculty of Science, Pavol Jozef Šafárik University in Košice, 040 01 Košice, Slovakia
Subjects: alert correlation; attack evaluation; attacker skill level
Online Access: https://www.mdpi.com/2078-2489/11/11/537
Description: The rapid move to digitalization and usage of online information systems brings new and evolving threats that organizations must protect themselves from and respond to. Monitoring an organization’s network for malicious activity has become a standard practice together with event and log collection from network hosts. Security operation centers deal with a growing number of alerts raised by intrusion detection systems that process the collected data and monitor networks. The alerts must be processed so that the relevant stakeholders can make informed decisions when responding to situations. Correlation of alerts into more expressive intrusion scenarios is an important tool in reducing false-positive and noisy alerts. In this paper, we propose correlation rules for identifying multi-stage attacks. Another contribution of this paper is a methodology for inferring from an alert the values needed to evaluate the attack in terms of the attacker’s skill level. We present our results on the CSE-CIC-IDS2018 data set.