A Process Mining-based approach for Attacker Profiling

Marcelo Rodríguez, Gustavo Betarte, Daniel Calegari
2021 IEEE URUCON. Publication date: 2021-11-24. DOI: 10.1109/urucon53396.2021.9647342 (https://doi.org/10.1109/urucon53396.2021.9647342)
Citations: 1

Abstract

Reacting adequately to cybersecurity attacks requires observing the attackers' knowledge, skills, and behaviors to examine their influence over the system and understand the characteristics associated with these attacks. Profiling an attacker allows generating security countermeasures that can be adopted even from the design of the systems. For automated attackers, e.g., malware, it is possible to identify structured behavior, i.e., a process-like behavior consisting of several (partial) ordered activities. Process Mining (PM) is a discipline from the organizational context that focuses on analyzing the event logs associated with executing the system's processes to discover many aspects of process behavior. Few proposals are applying PM to attacker profiling. In this work, we explore the use of PM techniques to identify the behavior of cyber attackers. In particular, we illustrate, using an application example, how they can be adapted to an environment dominated by automated attackers. We discuss preliminary results and provide guidelines for future work.