Abstract: In this paper, we present an empirical evaluation of an approach to predict attackers' activities based on information exchange and data mining. We gathered the cyber security alerts shared within the SABU platform, in which around 220,000 alerts from heterogeneous, geographically distributed sensors (intrusion detection systems and honeypots) are shared every day. Subsequently, we used the methods of sequential rule mining to identify common attack patterns and to derive rules for predicting attacks. As we illustrate in this paper, a collaborative environment allows attack prediction in multiple dimensions. First, we can predict what the attacker will do next and when. Second, we can predict where the attack will hit, e.g., when an attacker is targeting several networks at once. In a weeklong experiment, we processed in total over 1 million alerts, from which we mined predictive rules every day. Our findings show that most of the rules display stable values of support and confidence and, thus, can be used to predict cyber attacks in the days following mining without a need to update the rules every day.
Data mining is well known for its ability to extract concealed and indistinct patterns from data, which is a common task in the field of cyber security. However, data mining is not always used to its full potential within the cyber security community. In this paper, we discuss the usability of sequential pattern and rule mining, a subset of data mining methods, in the analysis of cyber security alerts. First, we survey the use cases of data mining, namely alert correlation and attack prediction. Subsequently, we evaluate sequential pattern and rule mining methods to find the one that is both fast and provides valuable results while dealing with the peculiarities of security alerts. An experiment was performed using a dataset of real alerts from an alert sharing platform. Finally, we present lessons learned from the experiment and a comparison of the selected methods based on their performance and the soundness of their results.
Protection of Norway spruce stands using anti-attractants was tested during an outbreak of bark beetles (Ips typographus) in their spring flight. The aims of this study were as follows: (1) to test the proposed experimental design for tree protection; (2) to evaluate height-specific alternatives for dispenser installation on trees; and (3) to evaluate the efficiency of tree protection measures using anti-attractants under bark beetle infestation and drought stress. The experiment was conducted at forest edges adjacent to recent clearcuts on 10 blocks in the eastern Czech Republic. Each block had three adjacent experimental areas, with 20 trees growing in two rows at the recently cut forest edge (10 trees per row). In front of each of the three areas of a block, four pheromone traps were installed. The treatment area was protected by anti-attractants. The second area served as a so-called switch area, where beetles from the treatment area, as the outflux redirected by the anti-attractant, would start new attacks if not caught in nearby pheromone traps. The third area was a control. We attached anti-attractant tube dispensers to each tree trunk of the treated area at two heights. The results suggest a redirecting effect of anti-attractants, pushing beetles into the switch area and causing subsequent attacks there, which were greater than in the areas containing treated trees. There was no difference between two dispensers placed at 1 and 8 m height and both placed at 1 m. A switching effect of beetle attacks occurring outside of the treated areas was observed. Mounting anti-attractant dispensers on tree trunks at one low position above the ground can be substantially less labour-intensive and as efficient as positioning them at two different heights. For areas affected by severe drought and extremely dense bark beetle populations, the use of anti-attractants did not prove effective.