No / The rapid shift and increase in remote access to
organisation resources have led to a significant increase in the
number of attack vectors and attack surfaces, which in turn
has motivated the development of newer and more sophisticated
cyber-attacks. Such attacks include Multi-Stage Attacks (MSAs).
In MSAs, the attack is executed through several stages. Classifying malicious traffic into stages to get more information about
the attack life-cycle becomes a challenge. This paper proposes a
malicious traffic clustering approach based on Latent Dirichlet
Allocation (LDA). LDA is a topic modelling approach used in
natural language processing to address similar problems. The
proposed approach is unsupervised learning and therefore will
be beneficial in scenarios where traffic data is not labeled and
analysis needs to be performed. The proposed approach uncovers
intrinsic contexts that relate to different categories of attack
stages in MSAs. These are vital insights needed across different
areas of cybersecurity teams like Incident Response (IR) within
the Security Operations Center (SOC), the insights uncovered
could have a positive impact in ensuring that attacks are detected
at early stages in MSAs. Besides, for IR, these insights help to
understand the attack behavioural patterns and lead to reduced
time in recovery following an incident. The proposed approach is
evaluated on a publicly available MSAs dataset. The performance
results are promising as evidenced by over 99% accuracy in
identified malicious traffic clusters.
Identifer | oai:union.ndltd.org:BRADFORD/oai:bradscholars.brad.ac.uk:10454/19768 |
Date | 19 December 2023 |
Creators | Lefoane, Moemedi, Ghafir, Ibrahim, Kabir, Sohag, Awan, Irfan U. |
Source Sets | Bradford Scholars |
Language | English |
Detected Language | English |
Type | Conference paper, No full-text in the repository |
Relation | https://www.acit2k.org/ACIT/index.php/about-acit-2023 |
Page generated in 0.0015 seconds