Temporal and Stochastic Modelling of Attacker Behaviour

Cited by: 1
Authors
Rade, Rahul [1]
Deshmukh, Soham [1]
Nene, Ruturaj [1]
Wadekar, Amey S. [1]
Unny, Ajay [1]
Affiliation
[1] Veermata Jijabai Technol Inst, Mumbai, Maharashtra, India
Source
ADVANCES IN DATA SCIENCE | 2019 / Vol. 941
Keywords
Cyber security; Threat intelligence; Cowrie honeypot; Markov chain; Hidden Markov Models; Attacker behavioral analysis; Sequence modelling using LSTM;
DOI
10.1007/978-981-13-3582-2_3
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Cyber Threat Analysis is one of the emerging focuses of information security. Its main functions include identifying potential threats and predicting the nature of an attacker. Understanding the behaviour of an attacker remains one of the most important aspects of threat analysis. Much work has been focused on the detection of concrete network attacks using an Intrusion Detection System to raise an alert which subsequently requires human attention. However, we think inspecting the behavioural aspect of an attacker is more intuitive in order to take necessary security measures. In this paper, we propose a novel approach to analyse the behaviour of an attacker in a Cowrie honeypot. First, we introduce the concept of a honeypot and then model the data using semi-supervised Markov Chains and Hidden Markov Models. We evaluate the suggested methods on a dataset consisting of over a million simulated attacks on a Cowrie honeypot system. Along with the proposed stochastic models, we also explore the use of a Long Short-Term Memory (LSTM) based model for attack sequence modelling. The LSTM based model was found to be better for modelling long attack sequences as compared to Markov models, due to the latter's inability to capture long-term dependencies. The results of these models are used to analyse different attack propagation and interaction patterns in the system and to predict an attacker's next action. These patterns can be used for a better understanding of existing or evolving attacks and may also aid security experts in comprehending the mindset of an attacker.
Pages: 30 - 45
Number of pages: 16