The Attacker Might Also Do Next: ATT&CK Behavior Forecasting by Attacker-based Collaborative Filtering and Graph Databases
- Kuwano Masaki (Toyo University)
- Okuma Momoka (Toyo University)
- Okada Satoshi (Toyo University; The University of Tokyo)
- Mitsunaga Takuho (Toyo University)
Abstract
Cyber attacks are causing tremendous damage around the world. To protect against attacks, many organizations have established or outsourced Security Operation Centers (SOCs) to check a large number of logs daily. Since there is no perfect countermeasure against cyber attacks, it is necessary to detect signs of intrusion quickly to mitigate damage caused by them. However, it is challenging to analyze a lot of logs obtained from PCs and servers inside an organization. Therefore, there is a need for a method of efficiently analyzing logs. In this paper, we propose a recommendation system using the ATT&CK technique, which predicts and visualizes attackers' behaviors using collaborative filtering so that security analysts can analyze logs efficiently. We evaluated the proposed method using real-world cyber-attack cases and found that it is able to make predictions with higher recall than our previously proposed method.
Journal
- Journal of Information Processing
Journal of Information Processing 31 (0), 802-811, 2023
Information Processing Society of Japan
Details
- CRID: 1390298466309891712
- ISSN: 18826652
- Text Lang: en
- Data Source: JaLC, Crossref
- Abstract License Flag: Disallowed