Dataset Selection for Attacker Group Identification Methods
Intrusion detection systems are an important tool for network security. Their efficiency can be improved by implementing Alert Correlation Systems. Such systems are aimed at identifying relationships between alerts themselves and between alert and properties of protected systems. One of the tasks of...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
FRUCT
2021-10-01
|
| Series: | Proceedings of the XXth Conference of Open Innovations Association FRUCT |
| Subjects: | |
| Online Access: | https://www.fruct.org/publications/fruct30/files/Pav.pdf |
| _version_ | 1798034952548253696 |
|---|---|
| author | Artem Pavlov Natalia Voloshina |
| author_facet | Artem Pavlov Natalia Voloshina |
| author_sort | Artem Pavlov |
| collection | DOAJ |
| description | Intrusion detection systems are an important tool for network security. Their efficiency can be improved by implementing Alert Correlation Systems. Such systems are aimed at identifying relationships between alerts themselves and between alert and properties of protected systems. One of the tasks of alert correlation systems is to identify groups of attackers, its solution allows to improve the accuracy of determining the threat level of malicious actors, which helps in choosing response measures, and to determine patterns of similarity between attacks, which helps in forensic investigation. To date, there is no universal dataset suitable for testing the effectiveness of any method related to intrusion detection systems, and the most appropriate dataset for the task of attacker group identification has not been selected. The paper considers the existing approaches to the formation of requirements for datasets for use in intrusion detection tasks, analyzes modern datasets. A list of requirements for datasets is formed for their use in testing methods for identifying groups of attackers based on the specifics of the task. Weights are determined for the requirements, and a usability rating is determined for the modern datasets. An alternative data source is proposed to meet requirements that are poorly addressed by the current datasets. |
| first_indexed | 2024-04-11T20:50:32Z |
| format | Article |
| id | doaj.art-ecbfc5fbf98841669fd1e19471a22407 |
| institution | Directory Open Access Journal |
| issn | 2305-7254 2343-0737 |
| language | English |
| last_indexed | 2024-04-11T20:50:32Z |
| publishDate | 2021-10-01 |
| publisher | FRUCT |
| record_format | Article |
| series | Proceedings of the XXth Conference of Open Innovations Association FRUCT |
| spelling | doaj.art-ecbfc5fbf98841669fd1e19471a224072022-12-22T04:03:51ZengFRUCTProceedings of the XXth Conference of Open Innovations Association FRUCT2305-72542343-07372021-10-0130117117610.23919/FRUCT53335.2021.9599966Dataset Selection for Attacker Group Identification MethodsArtem Pavlov0Natalia Voloshina1ITMO University, RussiaITMO University, RussiaIntrusion detection systems are an important tool for network security. Their efficiency can be improved by implementing Alert Correlation Systems. Such systems are aimed at identifying relationships between alerts themselves and between alert and properties of protected systems. One of the tasks of alert correlation systems is to identify groups of attackers, its solution allows to improve the accuracy of determining the threat level of malicious actors, which helps in choosing response measures, and to determine patterns of similarity between attacks, which helps in forensic investigation. To date, there is no universal dataset suitable for testing the effectiveness of any method related to intrusion detection systems, and the most appropriate dataset for the task of attacker group identification has not been selected. The paper considers the existing approaches to the formation of requirements for datasets for use in intrusion detection tasks, analyzes modern datasets. A list of requirements for datasets is formed for their use in testing methods for identifying groups of attackers based on the specifics of the task. Weights are determined for the requirements, and a usability rating is determined for the modern datasets. An alternative data source is proposed to meet requirements that are poorly addressed by the current datasets.https://www.fruct.org/publications/fruct30/files/Pav.pdfcybersecurityalert correlationintrusion detectionattacker groupsdatasetsthreat intelligence |
| spellingShingle | Artem Pavlov Natalia Voloshina Dataset Selection for Attacker Group Identification Methods Proceedings of the XXth Conference of Open Innovations Association FRUCT cybersecurity alert correlation intrusion detection attacker groups datasets threat intelligence |
| title | Dataset Selection for Attacker Group Identification Methods |
| title_full | Dataset Selection for Attacker Group Identification Methods |
| title_fullStr | Dataset Selection for Attacker Group Identification Methods |
| title_full_unstemmed | Dataset Selection for Attacker Group Identification Methods |
| title_short | Dataset Selection for Attacker Group Identification Methods |
| title_sort | dataset selection for attacker group identification methods |
| topic | cybersecurity alert correlation intrusion detection attacker groups datasets threat intelligence |
| url | https://www.fruct.org/publications/fruct30/files/Pav.pdf |
| work_keys_str_mv | AT artempavlov datasetselectionforattackergroupidentificationmethods AT nataliavoloshina datasetselectionforattackergroupidentificationmethods |