Introducing a New Alert Data Set for Multi-Step Attack Analysis

Max Landauer (Author and Speaker), Florian Skopik, Markus Wurzenberger

Publication: Contribution to book or conference proceedings; talk with contribution in conference proceedings; peer-reviewed

Abstract

Intrusion detection systems (IDS) reinforce cyber defense by autonomously monitoring various data sources for traces of attacks. However, IDSs are also infamous for frequently raising false positives and alerts that are difficult to interpret without context. This results in high workloads on security operators who need to manually verify all reported alerts, often leading to fatigue and incorrect decisions. To generate more meaningful alerts and alleviate these issues, the research domain focused on multi-step attack analysis proposes approaches for filtering, clustering, and correlating IDS alerts, as well as generation of attack graphs. Unfortunately, existing data sets are outdated, unreliable, narrowly focused, or only suitable for IDS evaluation. Since hardly any suitable benchmark data sets are publicly available, researchers often resort to private data sets that prevent reproducibility of evaluations. We thus propose AIT-ADS, a new alert data set that we publish alongside this paper. The data set contains alerts from three distinct IDSs monitoring eight executions of a multi-step attack as well as simulations of normal user behavior. To illustrate the potential of our data set, we experiment with open-source tools for attack graph extraction.
Original language: English
Title: CSET '24: Proceedings of the 17th Cyber Security Experimentation and Test Workshop
Publisher: Association for Computing Machinery (ACM)
Pages: 41 - 53
ISBN (Print): 979-8-4007-0957-9
DOIs
Publication status: Published - 13 Aug 2024
Event: CSET 2024: Workshop on Cyber Security Experimentation and Test - Philadelphia, United States
Duration: 13 Aug 2024 → …

Other

Other: CSET 2024: Workshop on Cyber Security Experimentation and Test
Country/Territory: United States
City: Philadelphia
Period: 13/08/24 → …

Research Field

  • Cyber Security
