Go to NLDB 2018 homepageSemantic Mapping of Security Events to Known Attack Patterns
Abstract: In order to provide cyber environment security, analysts need to analyze a large number of security events on a daily basis and take proper actions to alert their clients of potential threats. The increasing cyber traffic drives a need for a system to assist security analysts to relate security events to known attack patterns. This paper describes the enhancement of an existing Intrusion Detection System (IDS) with the automatic mapping of snort alert messages to known attack patterns. The approach relies on pre-clustering snort messages before computing their similarity to known attack patterns in Common Attack Pattern Enumeration and Classification (CAPEC). The system has been deployed in our partner company and when evaluated against the recommendations of two security analysts, achieved an f-measure of 64.57%.
0 Replies
Loading