TWC: TTP Option: Small: Automating Attack Strategy Recognition to Enhance Cyber Threat Prediction

TWC：TTP 选项：小：自动化攻击策略识别以增强网络威胁预测

基本信息

批准号：
1526383
负责人：
Shanchieh Yang
金额：
$ 66.7万
依托单位：
Rochester Institute of Tech
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2015
资助国家：
美国
起止时间：
2015-10-01 至 2019-09-30
项目状态：
已结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=1526383&HistoricalAwards=false
关键词：
TWC TTP Option Small Automating

项目摘要

Network attacks are increasingly complex and fast-evolving. A single attack may use multiple reconnaissance, exploit, and obfuscation techniques. This project investigates how to extract critical attack attributes, synthesize novel attack sequences, and reveal potential threats to critical assets in a timely manner. The project uses machine learning techniques to simultaneously identify new attack types and observed events that could identify those attacks. The Transition-to-Practice component in the project includes a three-phase plan to provide a positively reinforced and measurable cycle to develop, evaluate, and refine a prototype system in real-world environments. This significantly broadens the engagement of security practitioners and student teams, who will be planning and executing attacks to test the prototype system. The outcome of this research will provide timely comprehension and anticipation of critical attack strategies, offering the practitioners a solution to level the playing field against sophisticated attackers.Specifically, this work develops an online semi-supervised learning framework to capture both spatial and temporal features of attack strategies. An attack behavior model is a collection of feature probability distributions. The attack features are used to synthesize attack sequences via Monte-Carlo simulation. The attack sequences along with an ensemble prediction are then used to reveal potential threats to critical assets in the network. The project will be evaluated on real-world attack data as well as synthetic network attacks. An extensive outreach plan includes course module development, a mid-project workshop to engage security researchers and practitioners, and a summary panel in an international conference.

网络攻击日益复杂且快速发展。一次攻击可能会使用多种侦察、利用和混淆技术。该项目研究如何提取关键攻击属性、合成新颖的攻击序列并及时揭示关键资产的潜在威胁。该项目使用机器学习技术来同时识别新的攻击类型和观察到的可以识别这些攻击的事件。该项目中的过渡到实践部分包括一个三阶段计划，旨在提供一个积极强化且可衡量的周期，以在现实环境中开发、评估和完善原型系统。这显着扩大了安全从业人员和学生团队的参与度，他们将规划和执行攻击以测试原型系统。这项研究的成果将提供对关键攻击策略的及时理解和预测，为从业者提供一个解决方案，为复杂的攻击者提供公平的竞争环境。具体来说，这项工作开发了一个在线半监督学习框架来捕获攻击的空间和时间特征。攻击策略。攻击行为模型是特征概率分布的集合。攻击特征用于通过蒙特卡罗模拟合成攻击序列。然后，攻击序列与整体预测一起用于揭示网络中关键资产的潜在威胁。该项目将根据真实世界的攻击数据以及合成网络攻击进行评估。广泛的推广计划包括课程模块开发、吸引安全研究人员和从业人员参与的项目中期研讨会以及国际会议的总结小组。