Abstract
Intrusion detection systems (IDS) reinforce cyber defense by autonomously monitoring various data sources for traces of attacks. However, IDSs are also infamous for frequently raising false positives and alerts that are difficult to interpret without context. This results in high workloads on security operators who need to manually verify all reported alerts, often leading to fatigue and incorrect decisions. To generate more meaningful alerts and alleviate these issues, the research domain focused on multi-step attack analysis proposes approaches for filtering, clustering, and correlating IDS alerts, as well as generation of attack graphs. Unfortunately, existing data sets are outdated, unreliable, narrowly focused, or only suitable for IDS evaluation. Since hardly any suitable benchmark data sets are publicly available, researchers often resort to private data sets that prevent reproducibility of evaluations. We thus propose AIT-ADS, a new alert data set that we publish alongside this paper. The data set contains alerts from three distinct IDSs monitoring eight executions of a multi-step attack as well as simulations of normal user behavior. To illustrate the potential of our data set, we experiment with open-source tools for attack graph extraction.
Original language | English |
---|---|
Title of host publication | CSET '24: Proceedings of the 17th Cyber Security Experimentation and Test Workshop |
Publisher | Association for Computing Machinery (ACM) |
Pages | 41 - 53 |
ISBN (Print) | 979-8-4007-0957-9 |
DOIs | |
Publication status | Published - 13 Aug 2024 |
Event | CSET 2024: Workshop on Cyber Security Experimentation and Test - Philadelphia , Philadelphia , United States Duration: 13 Aug 2024 → … |
Other
Other | CSET 2024: Workshop on Cyber Security Experimentation and Test |
---|---|
Country/Territory | United States |
City | Philadelphia |
Period | 13/08/24 → … |
Research Field
- Cyber Security