ASSERT: attack synthesis and separation with entropy redistribution towards predictive cyber defense
Author affiliation: Computer Engineering, Rochester Institute of Technology, Rochester, NY, USA
Publication: Cybersecurity
Year / Volume / Issue: 2019, Vol. 2, No. 1
Pages: 253-270
Subject classification: 0810 [Engineering - Information and Communication Engineering]; 1205 [Management - Library, Information and Archives Management]; 081704 [Engineering - Applied Chemistry]; 07 [Science]; 0839 [Engineering - Cyberspace Security]; 08 [Engineering]; 0817 [Engineering - Chemical Engineering and Technology]; 070303 [Science - Organic Chemistry]; 0835 [Engineering - Software Engineering]; 0703 [Science - Chemistry]; 0811 [Engineering - Control Science and Engineering]; 0812 [Engineering - Computer Science and Technology (Engineering or Science degree)]
Funding: This research is supported by NSF Award #1526383
Keywords: Cyber security; Dynamic Bayesian classifier; Clustering; KL divergence
Abstract: The sophistication of cyberattacks penetrating into enterprise networks has called for predictive defense beyond intrusion detection, where different attack strategies can be analyzed and used to anticipate next malicious actions, especially the unusual [...], traditional predictive analytics or machine learning techniques that require training data of known attack strategies are not practical, given the scarcity of representative data and the evolving nature of [...] paper describes the design and evaluation of a novel automated system, ASSERT, which continuously synthesizes and separates cyberattack behavior models to enable better prediction of future [...] takes streaming malicious event evidences as inputs, abstracts them to edge-based behavior aggregates, and associates the edges to attack models, where each represents a unique and collective attack [...] follows a dynamic Bayesian-based model generation approach to determine when a new attack behavior is present, and creates new attack models by maximizing a cluster validity [...] generates empirical attack models by separating evidences and uses the generated models to predict unseen future [...] continuously evaluates the quality of the model separation and triggers a re-clustering process when [...] the use of 2017 National Collegiate Penetration Testing Competition data, this work demonstrates the effectiveness of ASSERT in terms of the quality of the generated empirical models and the predictability of future actions using the models.