Identifying phases of a multistage attack via clustering
Large scale multistage attacks targeting organizations and nation states have become apparent in the last five years. In order to mitigate this threat, it is necessary to determine whether or not these are actually taking place. To determine such activities, it is necessary to identify the different...
Main Author: | Gomez, Miguel Alberto N. |
---|---|
Format: | text |
Published: | Animo Repository, 2011 |
Subjects: | |
Online Access: | https://animorepository.dlsu.edu.ph/faculty_research/6484 |
Institution: | De La Salle University |
id |
oai:animorepository.dlsu.edu.ph:faculty_research-7241 |
---|---|
record_format |
eprints |
spelling |
oai:animorepository.dlsu.edu.ph:faculty_research-72412022-07-26T05:17:45Z Identifying phases of a multistage attack via clustering Gomez, Miguel Alberto N. Large scale multistage attacks targeting organizations and nation states have become apparent in the last five years. In order to mitigate this threat, it is necessary to determine whether or not these are actually taking place. To determine such activities, it is necessary to identify the different phases that lead to this type of activity. Clustering algorithms have been used in previous studies to identify emerging threats towards computer networks and to correlate results from multiple sources as a means to alleviate the burden of manually analyzing data. As such, clustering algorithms such as K-Means lend themselves well to the task of grouping different network behavior in order to identify whether or not an attack is taking place. It is, however, crucial to choose the appropriate algorithm for this task. The K-Means algorithm, given its characteristics and its performance, has proven to be an effective tool in identifying the different stages of a multistage attack given data obtained from a live honeynet. The labeled data set produced may be used for classification or forecasting in later studies. 2011-01-01T08:00:00Z text https://animorepository.dlsu.edu.ph/faculty_research/6484 Faculty Research Work Animo Repository Computer algorithms Computer security Intrusion detection systems (Computer security) Information Security |
institution |
De La Salle University |
building |
De La Salle University Library |
continent |
Asia |
country |
Philippines |
content_provider |
De La Salle University Library |
collection |
DLSU Institutional Repository |
topic |
Computer algorithms Computer security Intrusion detection systems (Computer security) Information Security |
spellingShingle |
Computer algorithms Computer security Intrusion detection systems (Computer security) Information Security Gomez, Miguel Alberto N. Identifying phases of a multistage attack via clustering |
description |
Large scale multistage attacks targeting organizations and nation states have become apparent in the last five years. In order to mitigate this threat, it is necessary to determine whether or not these are actually taking place. To determine such activities, it is necessary to identify the different phases that lead to this type of activity. Clustering algorithms have been used in previous studies to identify emerging threats towards computer networks and to correlate results from multiple sources as a means to alleviate the burden of manually analyzing data. As such, clustering algorithms such as K-Means lend themselves well to the task of grouping different network behavior in order to identify whether or not an attack is taking place. It is, however, crucial to choose the appropriate algorithm for this task. The K-Means algorithm, given its characteristics and its performance, has proven to be an effective tool in identifying the different stages of a multistage attack given data obtained from a live honeynet. The labeled data set produced may be used for classification or forecasting in later studies. |
format |
text |
author |
Gomez, Miguel Alberto N. |
author_facet |
Gomez, Miguel Alberto N. |
author_sort |
Gomez, Miguel Alberto N. |
title |
Identifying phases of a multistage attack via clustering |
title_short |
Identifying phases of a multistage attack via clustering |
title_full |
Identifying phases of a multistage attack via clustering |
title_fullStr |
Identifying phases of a multistage attack via clustering |
title_full_unstemmed |
Identifying phases of a multistage attack via clustering |
title_sort |
identifying phases of a multistage attack via clustering |
publisher |
Animo Repository |
publishDate |
2011 |
url |
https://animorepository.dlsu.edu.ph/faculty_research/6484 |
_version_ |
1767196533355184128 |