TY - GEN
T1 - An Approach for Attack Scenario Construction Based on Dynamic Attack Path Graph
AU - He, Siying
AU - Wen, Mi
AU - Li, Xiumin
AU - Su, Zhou
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - With the complexity and variability of cyber attacks increasing, current approaches for constructing attack scenarios often overlook the continuity of attack behaviors. These approaches lead to challenges in dynamically reconstructing the complete attack path. Additionally, many false alerts significantly reduce the accuracy of restoring an attack scenario. To address these issues, this paper proposes an approach for attack scenario construction based on a dynamic attack path graph. First, this paper proposes an alert truth rate calculating approach which utilizes mutual information. The paper then constructs the attack path graph by considering multiple dimensions, including calculated alert features and alert truth rate. In addition, an attack chain generation algorithm is proposed to restore the dynamic and complete attack scenario. Secondly, in order to cope with the changing network, the paper introduces a dynamic probabilistic update algorithm that periodically adjusts the attack path as time progresses. Finally, experimental results show that the proposed approach can recover all attack processes in the dataset, with an algorithmic complexity of O(M × N).
AB - With the complexity and variability of cyber attacks increasing, current approaches for constructing attack scenarios often overlook the continuity of attack behaviors. These approaches lead to challenges in dynamically reconstructing the complete attack path. Additionally, many false alerts significantly reduce the accuracy of restoring an attack scenario. To address these issues, this paper proposes an approach for attack scenario construction based on a dynamic attack path graph. First, this paper proposes an alert truth rate calculating approach which utilizes mutual information. The paper then constructs the attack path graph by considering multiple dimensions, including calculated alert features and alert truth rate. In addition, an attack chain generation algorithm is proposed to restore the dynamic and complete attack scenario. Secondly, in order to cope with the changing network, the paper introduces a dynamic probabilistic update algorithm that periodically adjusts the attack path as time progresses. Finally, experimental results show that the proposed approach can recover all attack processes in the dataset, with an algorithmic complexity of O(M × N).
KW - Attack model
KW - Attack path
KW - Attack scenario construction
KW - Dynamic attack path graph
KW - False alert reduction
UR - https://www.scopus.com/pages/publications/85173063392
U2 - 10.1109/ICCC57788.2023.10233417
DO - 10.1109/ICCC57788.2023.10233417
M3 - Conference contribution
AN - SCOPUS:85173063392
T3 - 2023 IEEE/CIC International Conference on Communications in China, ICCC 2023
BT - 2023 IEEE/CIC International Conference on Communications in China, ICCC 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2023 IEEE/CIC International Conference on Communications in China, ICCC 2023
Y2 - 10 August 2023 through 12 August 2023
ER -