ASSERT: attack synthesis and separation with entropy redistribution towards predictive cyber defense

Okutan, Ahmet; Yang, Shanchieh Jay

doi:10.1186/s42400-019-0032-0

Cited by 14 publications

(12 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…AhmetOkutan et al [7], proposed a model called ASSERT(attack synthesis and separation with entropy redistribution towards predictive cyber defence) which continuously analyse and separates models which shows cyber-attack behaviour. This model helps to overcome the problem of predictive defence beyond intrusion detection, where attackers will do malicious actions by analysing different attack strategies and finding their weakness'.…”

Section: Literature Reviewmentioning

confidence: 99%

Major Hurdles of Cyber Security in 21st Century

Deepak¹,

S²,

Lal³

2020

IJEAT

View full text Add to dashboard Cite

A digital assault is an attack propelled by cybercriminals utilizing at least one PCs against a solitary or numerous PCs or systems. A digital assault can perniciously handicap PCs, take information, or utilize a ruptured PC as a dispatch point for different assaults. Cybercriminals utilize an assortment of strategies, including malware, phishing, ransomware, refusal of administration, among different techniques. Albeit most government offices and significant enterprises have completely sent individual devices as data safety efforts, focuses of assaults have extended to incorporate, other than government foundations, basic frameworks and explicit ventures and partnerships, calling for increasingly powerful counter measures. In this paper we have discussed about Cyber Attack and its types, its initiated and a major cyber-attacks in 21st century.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Major Hurdles of Cyber Security in 21st Century

Deepak¹,

S²,

Lal³

2020

IJEAT

View full text Add to dashboard Cite

show abstract

“…Probably the best-known tools were proposed by MITRE [92], such as CyGraph [73]. Applied research and experimental deployment are becoming subject of research by other research groups as well [48,54,56,78,80].…”

Section: Publications On Csamentioning

confidence: 99%

“…Their research in this area includes the characterization of multi-stage cyber attacks [23,25] and the creation of a system for multi-stage attack emulation that fuses concepts from computer networks, system vulnerabilities, attack behaviors, and scenarios [70]. More recent works include generating attack models without a priori knowledge [78] and investigating the use of Generative Adversarial Networks to learn and generate synthetic alert scenarios [90].…”

Section: Research Groupsmentioning

confidence: 99%

SoK

Husák

Jirsík

Yang

2020

Proceedings of the 15th International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

Cyber situational awareness is an essential part of cyber defense that allows the cybersecurity operators to cope with the complexity of today's networks and threat landscape. Perceiving and comprehending the situation allow the operator to project upcoming events and make strategic decisions. In this paper, we recapitulate the fundamentals of cyber situational awareness and highlight its unique characteristics in comparison to generic situational awareness known from other fields. Subsequently, we provide an overview of existing research and trends in publishing on the topic, introduce front research groups, and highlight the impact of cyber situational awareness research. Further, we propose an updated taxonomy and enumeration of the components used for achieving cyber situational awareness. The updated taxonomy conforms to the widely-accepted three-level definition of cyber situational awareness and newly includes the projection level. Finally, we identify and discuss contemporary research and operational challenges, such as the need to cope with rising volume, velocity, and variety of cybersecurity data and the need to provide cybersecurity operators with the right data at the right time and increase their value through visualization. CCS CONCEPTS • Security and privacy → Formal security models; • Networks → Network security.

show abstract

“…A light-weight system that requires little expertise to configure, adapts to changing attack behaviors, and provides intuitive summary of intrusion activities is needed. Recognizing this technology gap, this work builds upon prior works [23], [24] to enhance and deploy ASSERT to consume intrusion alerts collected through a real-world SOC operation -OmniSOC at Inidiana University. The resulting system is a light-weight information theoretic unsupervised learning system that consumes streaming alerts and synthesizes statistical attack models in near real-time without prior knowledge.…”

Section: Introductionmentioning

confidence: 99%

Near Real-time Learning and Extraction of Attack Models from Intrusion Alerts

Yang,

Okutan,

Werner

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Critical and sophisticated cyberattacks often take multitudes of reconnaissance, exploitations, and obfuscation techniques to penetrate through well protected enterprise networks. The discovery and detection of attacks, though needing continuous efforts, is no longer sufficient. Security Operation Center (SOC) analysts are overwhelmed by the significant volume of intrusion alerts without being able to extract actionable intelligence. Recognizing this challenge, this paper describes the advances and findings through deploying ASSERT to process intrusion alerts from OmniSOC in collaboration with the Center for Applied Cybersecurity Research (CACR) at Indiana University. ASSERT utilizes information theoretic unsupervised learning to extract and update 'attack models' in near real-time without expert knowledge. It consumes streaming intrusion alerts and generates a small number of statistical models for SOC analysts to comprehend ongoing and emerging attacks in a timely manner. This paper presents the architecture and key processes of ASSERT and discusses a few real-world attack models to highlight the use-cases that benefit SOC operations. The research team is developing a light-weight containerized ASSERT that will be shared through a public repository to help the community combat the overwhelming intrusion alerts.

show abstract

ASSERT: attack synthesis and separation with entropy redistribution towards predictive cyber defense

Cited by 14 publications

References 33 publications

Major Hurdles of Cyber Security in 21st Century

Major Hurdles of Cyber Security in 21st Century

SoK

Near Real-time Learning and Extraction of Attack Models from Intrusion Alerts

Contact Info

Product

Resources

About