An effective attack scenario construction model based on two-tier feature selection and coarse grain cleaning
Attack Scenario Construction (ASC) via Alert Correlation (AC) is important to reveal the strategy of attack in terms of steps and stages that need to be launched to make the attack successful. Previous works on AC used two approaches which are Structural-based Alert Correlation (SAC) that clusters t...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2018
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/id/eprint/98247/1/TagwaAhmedMohammedPSC2018.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my-utm-ep.98247 |
|---|---|
| record_format |
uketd_dc |
| spelling |
my-utm-ep.982472022-11-23T08:18:29Z An effective attack scenario construction model based on two-tier feature selection and coarse grain cleaning 2018 Mohammed Alhaj, Tagwa Ahmed QA75 Electronic computers. Computer science Attack Scenario Construction (ASC) via Alert Correlation (AC) is important to reveal the strategy of attack in terms of steps and stages that need to be launched to make the attack successful. Previous works on AC used two approaches which are Structural-based Alert Correlation (SAC) that clusters the alerts features to reveal a list of attack steps, and Casual-based Alert Correlation (CAC) which classifies the alerts based on the cause-effect relationship. However, major limitations of previous works have been found to have false and incomplete correlations due to inaccurate attack step identification based on different set of features, infiltration of raw alerts and failure to identify the sequence of attack stages. Therefore, an ASC model was developed to select significant features and to discover the complete correlations. Firstly, this research designed a two-tier feature selection using Information Gain (IG) for optimal accuracy on attack steps identification. Secondly, preserving the alerts using coarse grain cleaning for accurate attack stages identification was carried out. Finally, an effective attack scenario model to discover a complete relationship among alerts by identifying and mapping the related alerts was constructed. The model was successfully experimented using two types of datasets which are DARPA2000 and ISCX2012. The Completeness and Soundness of the model were measured to evaluate the overall correlation effectiveness. The existing works achieved 76% average completeness in comparison to the proposed model which achieved 100% completeness resulting in a 24% improvement. With regard to soundness measurement, the existing work scored 83.055% soundness while the proposed model soundness reached 100%, which has a 16.9% improvement. The findings has shown that this research is significant to Security Analyst (SA) for designing responsive and preventive mechanisms which are effective and reliable in protecting and securing computer networks. 2018 Thesis http://eprints.utm.my/id/eprint/98247/ http://eprints.utm.my/id/eprint/98247/1/TagwaAhmedMohammedPSC2018.pdf application/pdf en public http://dms.library.utm.my:8080/vital/access/manager/Repository/vital:141938 phd doctoral Universiti Teknologi Malaysia, Faculty of Engineering - School of Computing Faculty of Engineering - School of Computing |
| institution |
Universiti Teknologi Malaysia |
| collection |
UTM Institutional Repository |
| language |
English |
| topic |
QA75 Electronic computers Computer science |
| spellingShingle |
QA75 Electronic computers Computer science Mohammed Alhaj, Tagwa Ahmed An effective attack scenario construction model based on two-tier feature selection and coarse grain cleaning |
| description |
Attack Scenario Construction (ASC) via Alert Correlation (AC) is important to reveal the strategy of attack in terms of steps and stages that need to be launched to make the attack successful. Previous works on AC used two approaches which are Structural-based Alert Correlation (SAC) that clusters the alerts features to reveal a list of attack steps, and Casual-based Alert Correlation (CAC) which classifies the alerts based on the cause-effect relationship. However, major limitations of previous works have been found to have false and incomplete correlations due to inaccurate attack step identification based on different set of features, infiltration of raw alerts and failure to identify the sequence of attack stages. Therefore, an ASC model was developed to select significant features and to discover the complete correlations. Firstly, this research designed a two-tier feature selection using Information Gain (IG) for optimal accuracy on attack steps identification. Secondly, preserving the alerts using coarse grain cleaning for accurate attack stages identification was carried out. Finally, an effective attack scenario model to discover a complete relationship among alerts by identifying and mapping the related alerts was constructed. The model was successfully experimented using two types of datasets which are DARPA2000 and ISCX2012. The Completeness and Soundness of the model were measured to evaluate the overall correlation effectiveness. The existing works achieved 76% average completeness in comparison to the proposed model which achieved 100% completeness resulting in a 24% improvement. With regard to soundness measurement, the existing work scored 83.055% soundness while the proposed model soundness reached 100%, which has a 16.9% improvement. The findings has shown that this research is significant to Security Analyst (SA) for designing responsive and preventive mechanisms which are effective and reliable in protecting and securing computer networks. |
| format |
Thesis |
| qualification_name |
Doctor of Philosophy (PhD.) |
| qualification_level |
Doctorate |
| author |
Mohammed Alhaj, Tagwa Ahmed |
| author_facet |
Mohammed Alhaj, Tagwa Ahmed |
| author_sort |
Mohammed Alhaj, Tagwa Ahmed |
| title |
An effective attack scenario construction model based on two-tier feature selection and coarse grain cleaning |
| title_short |
An effective attack scenario construction model based on two-tier feature selection and coarse grain cleaning |
| title_full |
An effective attack scenario construction model based on two-tier feature selection and coarse grain cleaning |
| title_fullStr |
An effective attack scenario construction model based on two-tier feature selection and coarse grain cleaning |
| title_full_unstemmed |
An effective attack scenario construction model based on two-tier feature selection and coarse grain cleaning |
| title_sort |
effective attack scenario construction model based on two-tier feature selection and coarse grain cleaning |
| granting_institution |
Universiti Teknologi Malaysia, Faculty of Engineering - School of Computing |
| granting_department |
Faculty of Engineering - School of Computing |
| publishDate |
2018 |
| url |
http://eprints.utm.my/id/eprint/98247/1/TagwaAhmedMohammedPSC2018.pdf |
| _version_ |
1776100565498986496 |