Intrusion Detection Systems (IDSs) automatically analyze event logs and network traffic in order to detect malicious activity and policy violations. Because IDSs produce a large number of false positives and false negatives, and because the technical nature of their alerts requires a lot of manual analysis, researchers have proposed approaches that automate the analysis of alerts to detect large-scale attacks and predict the attacker's next steps. Unfortunately, many such approaches use unique datasets and success metrics, making comparison difficult. This survey provides an overview of the state of the art in detecting and projecting cyberattack scenarios, with a focus on evaluation and the corresponding metrics. Representative papers were collected using Google Scholar and Scopus searches. Mutually comparable success metrics are calculated and several comparison tables are provided. Our results show that commonly used metrics are saturated on popular datasets and cannot assess the practical usability of the approaches. In addition, approaches with knowledge bases require constant maintenance, while data mining and ML approaches depend on the quality of available datasets, which, at the time of writing, are not representative enough to provide general knowledge regarding attack scenarios, so more emphasis needs to be placed on researching the behavior of attackers.
Web applications are ubiquitous in today's businesses. The security of these applications is of utmost importance, since security breaches might damage a good reputation and even result in bankruptcy. There are different methods of assessing the security of Web applications, mainly based on some automated method of scanning. One type of scan method feeds random data to the application and monitors its behavior. The other type uses a database of predefined vulnerabilities that are checked one by one until either a vulnerability is found or it can be claimed that the application has no known vulnerabilities. An important step in the latter type of scan process is the identification of the application, since this narrows the number of checks and, as a consequence, makes the scan process faster. This paper describes a method for Web application identification based on a black-box principle. Our method is based on the invariance of certain characteristics of Web applications. We experimentally tested and confirmed the usefulness of this approach.
An information technology system (ITS), informally, is a set of workstations, servers, laptops, installed software, databases, LANs, firewalls, etc. Nowadays, every company has an ITS, but information about it is rarely available outside the company that owns it. However, there are many situations where the availability of such data would be beneficial. For example, cyber ranges emulate IT systems and need their description, and various algorithms in cybersecurity, in particular attack tree generation, need to be validated on models of IT systems. In this paper, we describe a system we call the Generator, which takes as inputs requirements such as the number of employees and the vertical to which the company belongs, and outputs a model of an ITS that satisfies the given requirements. A very important property, on which we have put special emphasis, is that the generated ITS models a large amount of detail and ideally resembles a real system. To the best of our knowledge, we are the first to have attempted to build something like this. We made a proof-of-concept implementation of the Generator, validated it by generating an ITS model for a simplified fictional financial institution, and analyzed its performance with respect to the problem size. The conducted experiments show that our approach is feasible. In the future, we intend to extend this prototype to allow probabilistic generation of IT systems when only a subset of parameters is explicitly defined, and to further validate our approach with the help of domain experts.

INDEX TERMS: cybersecurity, cyber range, information technology system