Cyberprints: Identifying Cyber Attackers by Feature Analysis

Blakely, Benjamin

doi:10.31274/etd-180810-2217

Cited by 7 publications

(5 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Attack characteristics (such as attack potentiality/probability) are defined on the base of attack graphs [10]. Attacker parameters are related to possible attackers and are considered in [3,5,10,18]. Integral (system) characteristics involve features that define common security estimations [5,7,13,14].…”

Section: Related Workmentioning

confidence: 99%

Security Assessment of Computer Networks Based on Attack Graphs and Security Events

Kotenko

Doynikova

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Part 2: The 2014 Asian Conference on Availability, Reliability and Security, AsiaARES 2014International audienceSecurity assessment is an important task for operation of modern computer networks. The paper suggests the security assessment technique based on attack graphs which can be implemented in contemporary SIEM systems. It is based on the security metrics taxonomy and different techniques for calculation of security metrics according to the data about current events. Proposed metrics form the basis for security awareness and reflect current security situation, including development of attacks, attacks sources and targets, attackers’ characteristics. The technique suggested is demonstrated on a case study

show abstract

Section: Related Workmentioning

confidence: 99%

Security Assessment of Computer Networks Based on Attack Graphs and Security Events

Kotenko

Doynikova

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Security metrics are an important element of the security evaluation system. From the system security level point of view a set of security metrics can be outlined: integral metrics of the common security level of system, metrics that define topological characteristics, malefactor characteristics and attack characteristics [3,19,32,34,35,37].…”

Section: Related Workmentioning

confidence: 99%

Fast Network Attack Modeling and Security Evaluation based on Attack Graphs

Kotenko

Chechulin

2014

JCSM

View full text Add to dashboard Cite

The paper suggests an approach to network attack modeling and security evaluation which is realized in advanced Security Information and Event Management (SIEM) systems. It is based on modeling of computer network and malefactors' behaviors, building attack graphs, processing current alerts for real-time adjusting of particular attack graphs, calculating different security metrics and providing security assessment procedures. The novelty of the proposed approach is the use of special algorithms for construction, modification and analysis of attack graphs aimed at rapid security evaluation. This allows using this approach in SIEM systems that operate in near-real time. The generalized architecture of the Attack Modeling and Security Evaluation Component (AMSEC), as one of the main analytical components of SIEM systems, is outlined. The main components and techniques for attack modeling and security evaluation are defined. A prototype of the AMSEC is presented. Experiments with this prototype are evaluated.

show abstract

“…In [10] calculation of the risk level on the base of the malefactor behavior is proposed. In some other papers, for example, in [5], attack attribution metrics are considered (the concrete actors involved, equipment and tools used, geographic position, motives, etc. ).…”

Section: Related Workmentioning

confidence: 99%

Comprehensive Multilevel Security Risk Assessment of Distributed Information Systems

Kotenko¹,

Doynikova²

2014

IJC

View full text Add to dashboard Cite

The paper suggests the multilevel approach to the risk assessment that is based on the system of security metrics and techniques for their calculation. Proposed techniques are based on attack graphs and service dependencies. They allow evaluating security of network topologies, malefactors and attack characteristics, and integral security properties and characteristics calculated on the basis of the cost-benefit and zero-day vulnerability analysis. Classification of these characteristics and separation of the security information on static, dynamic and historical allows defining different assessment levels. The paper considers the main issues and recommendations for using the risk assessment techniques based on the suggested approach.

show abstract

Cyberprints: Identifying Cyber Attackers by Feature Analysis

Cited by 7 publications

References 34 publications

Security Assessment of Computer Networks Based on Attack Graphs and Security Events

Security Assessment of Computer Networks Based on Attack Graphs and Security Events

Fast Network Attack Modeling and Security Evaluation based on Attack Graphs

Comprehensive Multilevel Security Risk Assessment of Distributed Information Systems

Contact Info

Product

Resources

About