Attacker Behaviour Forecasting Using Methods of Intelligent Data Analysis: A Comparative Review and Prospects

Doynikova, Elena; Novikova, Evgenia; Kotenko, Igor

doi:10.3390/info11030168

Cited by 22 publications

(8 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As a result, it is crucial for security systems to be up-to-date against scams, malware (malicious software), spam, and phishing attacks [3]. Although one solution can be focusing on detection [4] and classification [5] of the cyber attacks, it will not be sufficient enough considering the fact that these attacks happen globally [6]. There is an evident need for deeper understanding of cyber attacks in terms of spatial analysis [7].…”

Section: Introductionmentioning

confidence: 99%

The Spatial Analysis of the Malicious Uniform Resource Locators (URLs): 2016 Dataset Case Study

et al. 2020

View full text Add to dashboard Cite

In this study, we aimed to identify spatial clusters of countries with high rates of cyber attacks directed at other countries. The cyber attack dataset was obtained from Canadian Institute for Cybersecurity, with over 110,000 Uniform Resource Locators (URLs), which were classified into one of 5 categories: benign, phishing, malware, spam, or defacement. The disease surveillance software SaTScanTM was used to perform a spatial analysis of the country of origin for each cyber attack. It allowed the identification of spatial and space-time clusters of locations with unusually high counts or rates of cyber attacks. Number of internet users per country obtained from the 2016 CIA World Factbook was used as the population baseline for computing rates and Poisson analysis in SaTScanTM. The clusters were tested for significance with a Monte Carlo study within SaTScanTM, where any cluster with p < 0.05 was designated as a significant cyber attack cluster. Results using the rate of the different types of malicious URL cyber attacks are presented in this paper. This novel approach of studying cyber attacks from a spatial perspective provides an invaluable relative risk assessment for each type of cyber attack that originated from a particular country.

show abstract

Section: Introductionmentioning

confidence: 99%

The Spatial Analysis of the Malicious Uniform Resource Locators (URLs): 2016 Dataset Case Study

et al. 2020

View full text Add to dashboard Cite

show abstract

“…However, the motivation of these attackers is usually presented in relation to the automation level of mines, goal/business impact, mode of attack, and attackers’ profile/model (e.g., hacktivists, competitors, cybercriminal syndicates, employees, terrorists). The attackers’ profile/model, in turn, also depends on the attackers’ skills/knowledge or location (see [ 55 ]). In another work [ 56 ], the cyber attackers are characterized by taking into account, among others, their motivation, technique used, or types of targets.…”

Section: Fuzzy-based Risk Analysis Methodsmentioning

confidence: 99%

Cyber-Attacks Risk Analysis Method for Different Levels of Automation of Mining Processes in Mines Based on Fuzzy Theory Use

Tubis

Werbińska-Wojciechowska

Góralczyk

et al. 2020

Sensors

View full text Add to dashboard Cite

The rising automation level and development of the Industry 4.0 concept in the mining sector increase the risk of cyber-attacks. As a result, this article focuses on developing a risk analysis method that integrates Kaplan’s and Garrick’s approach and fuzzy theory. The proposed approach takes into account the level of automation of the operating mining processes. Moreover, it follows five main steps, including identifying the automation level in a selected mine, definition of cyber-attack targets, identification of cyber-attack techniques, definition of cyber-attack consequences, and risk ratio assessment. The proposed risk assessment procedure was performed according to three cyber-attack targets (databases, internal networks, machinery) and seven selected types of cyber-attack techniques. The fuzzy theory is implemented in risk parameter estimation for cyber-attack scenario occurrence in the mining industry. To illustrate the given method’s applicability, seven scenarios for three levels of mine automation are analyzed. The proposed method may be used to reveal the current cybersecurity status of the mine. Moreover, it will be a valuable guide for mines in which automation is planned in the near future.

show abstract

“…We analyzed a set of studies to understand what approaches exist in the area. Based on the conducted analysis, we outlined four main groups of techniques for attacker specification and modelling in risk analysis tasks [ 17 ]: attack graph analysis; hidden Markov model; fuzzy inference; attributing cyber attacks using data mining techniques including neural networks, statistics, etc. …”

Section: Related Workmentioning

confidence: 99%

“…In [ 17 ], the authors analyzed existing models of both classes and their application for risk analysis tasks. This paper extends the obtained results and presents them in the form of a taxonomy of the attacker model attributes that considers risk analysis techniques that use attacker models.…”

Section: Introductionmentioning

confidence: 99%

“…In [ 17 ], the authors formulated a set of questions related to the attacker model as follows: how do we specify the attacker model? how do we automatically calculate the values of attributes constituting the attacker model to determine the attacker profile using a non-expert technique based on the dynamic data gathered from logs and traffic during target system operation?…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Cyber Attacker Profiling for Risk Analysis Based on Machine Learning

Kotenko

Doynikova

Novikova

et al. 2023

Sensors

Self Cite

View full text Add to dashboard Cite

The notion of the attacker profile is often used in risk analysis tasks such as cyber attack forecasting, security incident investigations and security decision support. The attacker profile is a set of attributes characterising an attacker and their behaviour. This paper analyzes the research in the area of attacker modelling and presents the analysis results as a classification of attacker models, attributes and risk analysis techniques that are used to construct the attacker models. The authors introduce a formal two-level attacker model that consists of high-level attributes calculated using low-level attributes that are in turn calculated on the basis of the raw security data. To specify the low-level attributes, the authors performed a series of experiments with datasets of attacks. Firstly, the requirements of the datasets for the experiments were specified in order to select the appropriate datasets, and, afterwards, the applicability of the attributes formed on the basis of such nominal parameters as bash commands and event logs to calculate high-level attributes was evaluated. The results allow us to conclude that attack team profiles can be differentiated using nominal parameters such as bash history logs. At the same time, accurate attacker profiling requires the extension of the low-level attributes list.

show abstract

Attacker Behaviour Forecasting Using Methods of Intelligent Data Analysis: A Comparative Review and Prospects

Cited by 22 publications

References 43 publications

The Spatial Analysis of the Malicious Uniform Resource Locators (URLs): 2016 Dataset Case Study

The Spatial Analysis of the Malicious Uniform Resource Locators (URLs): 2016 Dataset Case Study

Cyber-Attacks Risk Analysis Method for Different Levels of Automation of Mining Processes in Mines Based on Fuzzy Theory Use

Cyber Attacker Profiling for Risk Analysis Based on Machine Learning

Contact Info

Product

Resources

About