Cyber Attack Stage Tracing System based on Attack Scenario Comparison

Masahito Kumazaki, Hirokazu Hasegawa, Yukiko Yamaguchi, Hajime Shimada, Hiroki Takakura

2022

Abstract

In the current organizational network consisting of multiple branch sites, there is a difference in security between sites, making it difficult to protect against targeted attacks. Therefore, it is important to detect and respond to attacks early, but it is also difficult to achieve this with the current network management. In order to solve this problem, we previously proposed a response support system for multiple sites. This system has two functions. First, it provides recommendations for an incident response by using information of incidents similar to the one. Second function estimates correlations among incidents and targets of cyber attack. To enable recommendations, we also proposed a method for evaluating the similarity of incidents and conducted experiments to investigate its effectiveness. We were able to correctly estimate the similarity of attacks when their attack stages were the same, but not when they were different. The result indicates the necessity to conduct similarity estimation for the same stage of attacks even if their current stages differ. By investigating stage transitions of attacks, we have to make alignment among their stages. In this paper, we propose a method to expect the attack methods and a system to generate information divided by attack stages. We also confirmed the effectiveness of proposed method by conducting experiments using a simulated cyber attack.

Download


Paper Citation


in Harvard Style

Kumazaki M., Hasegawa H., Yamaguchi Y., Shimada H. and Takakura H. (2022). Cyber Attack Stage Tracing System based on Attack Scenario Comparison. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-553-1, pages 587-594. DOI: 10.5220/0010918200003120


in Bibtex Style

@conference{icissp22,
author={Masahito Kumazaki and Hirokazu Hasegawa and Yukiko Yamaguchi and Hajime Shimada and Hiroki Takakura},
title={Cyber Attack Stage Tracing System based on Attack Scenario Comparison},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2022},
pages={587-594},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010918200003120},
isbn={978-989-758-553-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Cyber Attack Stage Tracing System based on Attack Scenario Comparison
SN - 978-989-758-553-1
AU - Kumazaki M.
AU - Hasegawa H.
AU - Yamaguchi Y.
AU - Shimada H.
AU - Takakura H.
PY - 2022
SP - 587
EP - 594
DO - 10.5220/0010918200003120