An effective attack scenario construction model based on two-tier feature selection and coarse grain cleaning

Simple item page
dc.contributor.authorMohammed Alhaj, Tagwa Ahmed
dc.date.accessioned2024-02-25T00:10:43Z
dc.date.available2024-02-25T00:10:43Z
dc.date.issued2018
dc.descriptionThesis (PhD. (Computer Science))
dc.description.abstractAttack Scenario Construction (ASC) via Alert Correlation (AC) is important to reveal the strategy of attack in terms of steps and stages that need to be launched to make the attack successful. Previous works on AC used two approaches which are Structural-based Alert Correlation (SAC) that clusters the alerts features to reveal a list of attack steps, and Casual-based Alert Correlation (CAC) which classifies the alerts based on the cause-effect relationship. However, major limitations of previous works have been found to have false and incomplete correlations due to inaccurate attack step identification based on different set of features, infiltration of raw alerts and failure to identify the sequence of attack stages. Therefore, an ASC model was developed to select significant features and to discover the complete correlations. Firstly, this research designed a two-tier feature selection using Information Gain (IG) for optimal accuracy on attack steps identification. Secondly, preserving the alerts using coarse grain cleaning for accurate attack stages identification was carried out. Finally, an effective attack scenario model to discover a complete relationship among alerts by identifying and mapping the related alerts was constructed. The model was successfully experimented using two types of datasets which are DARPA2000 and ISCX2012. The Completeness and Soundness of the model were measured to evaluate the overall correlation effectiveness. The existing works achieved 76% average completeness in comparison to the proposed model which achieved 100% completeness resulting in a 24% improvement. With regard to soundness measurement, the existing work scored 83.055% soundness while the proposed model soundness reached 100%, which has a 16.9% improvement. The findings has shown that this research is significant to Security Analyst (SA) for designing responsive and preventive mechanisms which are effective and reliable in protecting and securing computer networks.
dc.description.sponsorshipFaculty of Engineering - School of Computing
dc.identifier.urihttp://openscience.utm.my/handle/123456789/1023
dc.language.isoen
dc.publisherUniversiti Teknologi Malaysia
dc.subjectComputer networks—Security measures—Computer programs
dc.subjectComputer security—Computer simulation
dc.subjectCyberterrorism—Prevention
dc.titleAn effective attack scenario construction model based on two-tier feature selection and coarse grain cleaning
dc.typeThesis
dc.typeDataset
Files
Original bundle
Now showing 1 - 5 of 6
Thumbnail Image
Name:
TagwaAhmedMohammedPSC2018_A.pdf
Size:
50.45 KB
Format:
Adobe Portable Document Format
Description:
THE LIST OF ATTACK STAGES IN ISCX 2012 WITH RELATED ALERTS
Download
Thumbnail Image
Name:
TagwaAhmedMohammedPSC2018_B.pdf
Size:
46.56 KB
Format:
Adobe Portable Document Format
Description:
THE LIST OF ATTACK STAGES IN DARPA 2000 WITH RELATED ALERTS
Download
Thumbnail Image
Name:
TagwaAhmedMohammedPSC2018_C.pdf
Size:
62.42 KB
Format:
Adobe Portable Document Format
Description:
SAMPLE OF UN-LABELLED ALERT FEATURES INDARPA2000 DATASET
Download
Thumbnail Image
Name:
TagwaAhmedMohammedPSC2018_D.pdf
Size:
55.71 KB
Format:
Adobe Portable Document Format
Description:
SAMPLE OF RAW ALERT AFTER LABELING ALERT FEATURES IN DARPA2000 DATASET
Download
Thumbnail Image
Name:
TagwaAhmedMohammedPSC2018_E.pdf
Size:
53.44 KB
Format:
Adobe Portable Document Format
Description:
SAMPLE OF ALERT AFTER PREPARATION PROCESS IN DARPA 2000 DATA
Download
License bundle
Now showing 1 - 1 of 1
Thumbnail Image
Name:
license.txt
Size:
1.71 KB
Format:
Item-specific license agreed to upon submission
Description:
Download
Collections
Computer Science, Information Technology and Telecommunications