Attack Pattern Recognition Through Correlating Cyber Situational Awareness in Computer Networks

Cyberpatterns ◽  
2014 ◽  
pp. 125-134
Author(s):  
Noor-ul-hassan Shirazi ◽  
Alberto Schaeffer-Filho ◽  
David Hutchison
Keyword(s):  
Pattern Recognition ◽  
Computer Networks ◽  
Situational Awareness ◽  
Attack Pattern

Designing Information Systems and Network Components for Situational Awareness

2012 ◽  
pp. 104-123
Author(s):  
Cyril Onwubiko
Keyword(s):  
Information Systems ◽  
Complex Networks ◽  
Computer Networks ◽  
Situational Awareness ◽  
Computer Network ◽  
Distributed Services ◽  
Network Applications ◽  
Systems Software ◽  
Design Requirements

Operators need situational awareness (SA) of their organisation’s computer networks and Information Systems in order to identify threats, estimate impact of attacks, evaluate risks, understand situations, and make sound decisions swiftly and accurately on what to protect against, and how to address incidents that may impact valued assets. Enterprise computer networks are often huge and complex, spanning across several WANs and supporting a number of distributed services. Understanding situations in such dynamic and complex networks is time-consuming and challenging. Operators SA are enhanced through a number of ways, one of which is through the use of situation-aware systems and technology. Designing situation-aware systems for computer network defence (CND) is difficult without understanding basic situational awareness design requirements of network applications and systems. Thus, this chapter investigates pertinent features that are foundation, essential, and beneficial for designing situation-aware systems, software, and network applications for CND.

scholarly journals InSight2: A Modular Visual Analysis Platform for Network Situational Awareness in Large-Scale Networks

Electronics ◽  
2020 ◽  
Vol 9 (10) ◽  
pp. 1747
Author(s):  
Hansaka Angel Dias Edirisinghe Kodituwakku ◽  
Alex Keller ◽  
Jens Gregor
Keyword(s):  
Real Time ◽  
Computer Networks ◽  
Network Flow ◽  
Large Scale ◽  
Visual Analysis ◽  
Situational Awareness ◽  
Monitoring Network ◽  
Network Activity ◽  
Flow Data ◽  
Large Scale Networks

The complexity and throughput of computer networks are rapidly increasing as a result of the proliferation of interconnected devices, data-driven applications, and remote working. Providing situational awareness for computer networks requires monitoring and analysis of network data to understand normal activity and identify abnormal activity. A scalable platform to process and visualize data in real time for large-scale networks enables security analysts and researchers to not only monitor and study network flow data but also experiment and develop novel analytics. In this paper, we introduce InSight2, an open-source platform for manipulating both streaming and archived network flow data in real time that aims to address the issues of existing solutions such as scalability, extendability, and flexibility. Case-studies are provided that demonstrate applications in monitoring network activity, identifying network attacks and compromised hosts and anomaly detection.

scholarly journals TCP FIN Flood Attack Pattern Recognition on Internet of Things with Rule Based Signature Analysis

2019 ◽  
Vol 15 (07) ◽  
pp. 124
Author(s):  
Deris Stiawan ◽  
Dimas Wahyudi ◽  
Ahmad Heryanto ◽  
Samsuryadi Samsuryadi ◽  
Mohd. Yazid Idris ◽  
...  
Keyword(s):  
Pattern Recognition ◽  
Internet Of Things ◽  
Confusion Matrix ◽  
Feature Selection Method ◽  
Signature Analysis ◽  
Rule Based ◽  
Average Percentage ◽  
Attack Pattern ◽  
Precision Level ◽  
Rate Evaluation

<p class="0abstract">Focus of this research is TCP FIN flood attack pattern recognition in Internet of Things (IoT) network using rule based signature analysis method. Dataset is taken based on three scenario normal, attack and normal-attack. The process of identification and recognition of TCP FIN flood attack pattern is done based on observation and analysis of packet attribute from raw data (pcap) using a feature extraction and feature selection method. Further testing was conducted using snort as an IDS. The results of the confusion matrix detection rate evaluation against the snort as IDS show the average percentage of the precision level.</p>

scholarly journals Exploiting the Outcome of Outlier Detection for Novel Attack Pattern Recognition on Streaming Data

Electronics ◽  
2021 ◽  
Vol 10 (17) ◽  
pp. 2160
Author(s):  
Michael Heigl ◽  
Enrico Weigelt ◽  
Andreas Urmann ◽  
Dalibor Fiala ◽  
Martin Schramm
Keyword(s):  
Pattern Recognition ◽  
Network Security ◽  
Outlier Detection ◽  
Concept Drift ◽  
Streaming Data ◽  
Alert Correlation ◽  
Attack Pattern ◽  
Correlation Methods ◽  
Attack Patterns ◽  
The One

Future-oriented networking infrastructures are characterized by highly dynamic Streaming Data (SD) whose volume, speed and number of dimensions increased significantly over the past couple of years, energized by trends such as Software-Defined Networking or Artificial Intelligence. As an essential core component of network security, Intrusion Detection Systems (IDS) help to uncover malicious activity. In particular, consecutively applied alert correlation methods can aid in mining attack patterns based on the alerts generated by IDS. However, most of the existing methods lack the functionality to deal with SD data affected by the phenomenon called concept drift and are mainly designed to operate on the output from signature-based IDS. Although unsupervised Outlier Detection (OD) methods have the ability to detect yet unknown attacks, most of the alert correlation methods cannot handle the outcome of such anomaly-based IDS. In this paper, we introduce a novel framework called Streaming Outlier Analysis and Attack Pattern Recognition, denoted as SOAAPR, which is able to process the output of various online unsupervised OD methods in a streaming fashion to extract information about novel attack patterns. Three different privacy-preserving, fingerprint-like signatures are computed from the clustered set of correlated alerts by SOAAPR, which characterizes and represents the potential attack scenarios with respect to their communication relations, their manifestation in the data's features and their temporal behavior. Beyond the recognition of known attacks, comparing derived signatures, they can be leveraged to find similarities between yet unknown and novel attack patterns. The evaluation, which is split into two parts, takes advantage of attack scenarios from the widely-used and popular CICIDS2017 and CSE‐CIC‐IDS2018 datasets. Firstly, the streaming alert correlation capability is evaluated on CICIDS2017 and compared to a state-of-the-art offline algorithm, called Graph-based Alert Correlation (GAC), which has the potential to deal with the outcome of anomaly-based IDS. Secondly, the three types of signatures are computed from attack scenarios in the datasets and compared to each other. The discussion of results, on the one hand, shows that SOAAPR can compete with GAC in terms of alert correlation capability leveraging four different metrics and outperforms it significantly in terms of processing time by an average factor of 70 in 11 attack scenarios. On the other hand, in most cases, all three types of signatures seem to reliably characterize attack scenarios such that similar ones are grouped together, with up to 99.05\% similarity between the FTP and SSH Patator attack.intrusion detection; alert analysis; alert correlation; outlier detection; attack scenario; streaming data; network security

Information Security for Situational Awareness in Computer Network Defense

2012 ◽  
pp. 86-103
Author(s):  
Uri Blumenthal ◽  
Joshua Haines ◽  
William Streilein ◽  
Gerald O’Leary
Keyword(s):  
Information Security ◽  
Computer Networks ◽  
Situational Awareness ◽  
Computer Network ◽  
Network Defense ◽  
Physical Time ◽  
Human Endeavor ◽  
Ancient Times ◽  
Military Strength ◽  
Computer Network Defense

Situational awareness – the perception of “what is going on” – is crucial in every field of human endeavor, especially so in the cyber world where most of the protections afforded by physical time and distance are taken away. Since ancient times, military science emphasized the importance of preserving your awareness of the battlefield and at the same time preventing your adversary from learning the true situation for as long as possible. Today cyber is officially recognized as a contested military domain like air, land, and sea. Therefore situational awareness in computer networks will be under attacks of military strength and will require military-grade protection. This chapter describes the emerging threats for computer SA, and the potential avenues of defense against them.

scholarly journals A Data Fusion Framework of Multi-Source Heterogeneous Network Security Situational Awareness Based on Attack Pattern

2020 ◽  
Vol 1550 ◽  
pp. 062025
Author(s):  
Yuangang Yao ◽  
Yanwei Sun ◽  
Zhaohui Liu ◽  
Xiangjie Meng ◽  
Zhaohui Liu
Keyword(s):  
Network Security ◽  
Data Fusion ◽  
Heterogeneous Network ◽  
Situational Awareness ◽  
Attack Pattern ◽  
Fusion Framework

Attack Pattern Recognition in the Internet of Things using Complex Event Processing and Machine Learning

2021 ◽  
Author(s):  
Jose Roldan-Gomez ◽  
Juan Boubeta-Puig ◽  
Juan Manuel Castelo Gomez ◽  
Javier Carrillo-Mondejar ◽  
Jose Luis Martinez Martinez
Keyword(s):  
Machine Learning ◽  
Pattern Recognition ◽  
Internet Of Things ◽  
Complex Event Processing ◽  
The Internet ◽  
Event Processing ◽  
Attack Pattern ◽  
The Internet Of Things
Sign in / Sign up

Export Citation Format

Share Document