A classification framework for distinct cyber-attacks based on occurrence patterns

Proceedings of the 8th International Conference on Security of Information and Networks Pub Date : 2015-09-08 DOI:10.1145/2799979.2800037

M. S. Awan, Mohammed A. Alghamdi, Sultan H. Almotiri, P. Burnap, O. Rana

{"title":"A classification framework for distinct cyber-attacks based on occurrence patterns","authors":"M. S. Awan, Mohammed A. Alghamdi, Sultan H. Almotiri, P. Burnap, O. Rana","doi":"10.1145/2799979.2800037","DOIUrl":null,"url":null,"abstract":"An increasingly mature, stealthy and dynamic techniques and attack vectors used by cyber criminals have made the critical network infrastructure more vulnerable to security breaches. Following 'Bring Your Own Device (BYOD)' policies and remote-work style of accessing network infra structure leaves the whole network vulnerable to new unknown malware, botnets, advanced persistent threats, coordinated attack patterns, etc., in addition to existing vulnerabilities inherent in software applications. Such an environment demands a network administrator to understand the nature and patterns of cyber-attacks targeting the network infra structure so that appropriate measures could be introduced. In this paper we propose a framework to classify cyber-attacks based on their pattern of occurrence. We validate the classification approach using real malicious traffic logs by focusing on: i) temporal behaviour of cyber-attacks; ii) correlation between cyber-attacks; and iii) targeted software applications.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 8th International Conference on Security of Information and Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2799979.2800037","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

An increasingly mature, stealthy and dynamic techniques and attack vectors used by cyber criminals have made the critical network infrastructure more vulnerable to security breaches. Following 'Bring Your Own Device (BYOD)' policies and remote-work style of accessing network infra structure leaves the whole network vulnerable to new unknown malware, botnets, advanced persistent threats, coordinated attack patterns, etc., in addition to existing vulnerabilities inherent in software applications. Such an environment demands a network administrator to understand the nature and patterns of cyber-attacks targeting the network infra structure so that appropriate measures could be introduced. In this paper we propose a framework to classify cyber-attacks based on their pattern of occurrence. We validate the classification approach using real malicious traffic logs by focusing on: i) temporal behaviour of cyber-attacks; ii) correlation between cyber-attacks; and iii) targeted software applications.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于发生模式的不同网络攻击分类框架

网络犯罪分子使用的越来越成熟、隐蔽和动态的技术和攻击媒介，使得关键的网络基础设施更容易受到安全漏洞的攻击。遵循“自带设备(BYOD)”策略和远程工作方式访问网络基础设施，除了软件应用程序固有的现有漏洞外，整个网络还容易受到新的未知恶意软件、僵尸网络、高级持续威胁、协同攻击模式等的攻击。这种环境要求网络管理员了解针对网络基础设施的网络攻击的性质和模式，以便引入适当的措施。本文提出了一个基于网络攻击发生模式的网络攻击分类框架。我们通过关注以下方面来验证使用真实恶意流量日志的分类方法:i)网络攻击的时间行为;Ii)网络攻击之间的相关性;iii)有针对性的软件应用。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Proceedings of the 8th International Conference on Security of Information and Networks

自引率

0.00%

发文量