DocumentCode
2497664
Title
Clustering of multistage cyber attacks using significant services
Author
Murphy, C.T. ; Yang, S.J.
Author_Institution
Dept. of Comput. Eng., Rochester Inst. of Technol., Rochester, NY, USA
fYear
2010
fDate
26-29 July 2010
Firstpage
1
Lastpage
7
Abstract
Multistage cyber attacks may target services of different types, often indicating their behavior or capability of penetrating into the network. A significant enhancement to network defenses will be to recognize the different classes of multistage attacks, allowing timely and effective anticipation of future attacks. Drawing analogies from social networking analysis, this work proposes a methodology that clusters cyber attacks based on the 'significant services' being exploited. From transforming the attacked services to utilizing the Divisive Hierarchical Clustering algorithm, the proposed method is able to identify sub-communities of attacks that share common characteristics. Experiment results demonstrate a high modularity for the identified community structure. Novel discoveries are also made possible by examining the attack clusters and the resulting dendrogram.
Keywords
computer crime; pattern clustering; social networking (online); divisive hierarchical clustering algorithm; multistage Cyber attacks; network defenses; significant services; social networking analysis; Art; Communities; Computers; Educational institutions; Servers; Social network services; Transmission line matrix methods; Clustering; Cyber Attacks; Modularity; Social Network;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Fusion (FUSION), 2010 13th Conference on
Conference_Location
Edinburgh
Print_ISBN
978-0-9824438-1-1
Type
conf
DOI
10.1109/ICIF.2010.5712046
Filename
5712046