Proceedings of the XXth Conference of Open Innovations Association FRUCT (Oct 2021)

Dataset Selection for Attacker Group Identification Methods

  • Artem Pavlov,
  • Natalia Voloshina

DOI
https://doi.org/10.23919/FRUCT53335.2021.9599966
Journal volume & issue
Vol. 30, no. 1
pp. 171 – 176

Abstract

Read online

Intrusion detection systems are an important tool for network security. Their efficiency can be improved by implementing Alert Correlation Systems. Such systems are aimed at identifying relationships between alerts themselves and between alert and properties of protected systems. One of the tasks of alert correlation systems is to identify groups of attackers, its solution allows to improve the accuracy of determining the threat level of malicious actors, which helps in choosing response measures, and to determine patterns of similarity between attacks, which helps in forensic investigation. To date, there is no universal dataset suitable for testing the effectiveness of any method related to intrusion detection systems, and the most appropriate dataset for the task of attacker group identification has not been selected. The paper considers the existing approaches to the formation of requirements for datasets for use in intrusion detection tasks, analyzes modern datasets. A list of requirements for datasets is formed for their use in testing methods for identifying groups of attackers based on the specifics of the task. Weights are determined for the requirements, and a usability rating is determined for the modern datasets. An alternative data source is proposed to meet requirements that are poorly addressed by the current datasets.

Keywords