A Framework of Attacker Centric Cyber Attack Behavior Analysis

Cyber attack behavior analysis can be roughly classified into “network centric” and “attacker centric” approaches. Compared with the traditional “network centric” approach, the keys to implementing the “attacker centric” approach are to investigate the attacker relationship as well as to track attackers. Current “attacker centric” research mainly focuses on single attacker centric behavior analysis, but overlooks the attacker relationship and its impact on attack behavior analysis. This paper mainly addresses these issues. In this paper, a framework of attacker centric behavior analysis is proposed. As key techniques, the principles of choosing a desirable attacker set are discussed, the concepts of attacker group and group member are introduced, and the corresponding attacker group recognition algorithms are also proposed. Finally, based on the proposed approaches, a prototype system, CABAS, is developed and evaluated under DARPA 2000 intrusion detection evaluation...
Xuena Peng, Hong Zhao
Added 02 Jun 2010
Updated 02 Jun 2010
Type Conference
Year 2007
Where ICC
Authors Xuena Peng, Hong Zhao