Title :
Clustering of multistage cyber attacks using significant services
Author :
Murphy, C.T. ; Yang, S.J.
Author_Institution :
Dept. of Comput. Eng., Rochester Inst. of Technol., Rochester, NY, USA
Abstract :
Multistage cyber attacks may target services of different types, often indicating their behavior or capability of penetrating into the network. A significant enhancement to network defenses will be to recognize the different classes of multistage attacks, allowing timely and effective anticipation of future attacks. Drawing analogies from social networking analysis, this work proposes a methodology that clusters cyber attacks based on the 'significant services' being exploited. From transforming the attacked services to utilizing the Divisive Hierarchical Clustering algorithm, the proposed method is able to identify sub-communities of attacks that share common characteristics. Experiment results demonstrate a high modularity for the identified community structure. Novel discoveries are also made possible by examining the attack clusters and the resulting dendrogram.
Keywords :
computer crime; pattern clustering; social networking (online); divisive hierarchical clustering algorithm; multistage Cyber attacks; network defenses; significant services; social networking analysis; Art; Communities; Computers; Educational institutions; Servers; Social network services; Transmission line matrix methods; Clustering; Cyber Attacks; Modularity; Social Network;
Conference_Title :
Information Fusion (FUSION), 2010 13th Conference on
Conference_Location :
Edinburgh
Print_ISBN :
978-0-9824438-1-1
DOI :
10.1109/ICIF.2010.5712046