
Artificial Intelligence and Decision Making, 2023 Issue 2, Pages 3–14 (Mi iipr22)

Knowledge representation

Methods of intelligent system event analysis for multistep cyber-attack detection: using knowledge bases

I. V. Kotenko, D. A. Levshun

St. Petersburg Federal Research Center of the Russian Academy of Sciences

Abstract: This study presents a classification and comparative analysis of intelligent system event analysis methods for detecting multistep cyber-attacks, which are sets of sequential actions by one or more attackers pursuing a specific intrusion goal. The paper studies knowledge-based approaches to multistep cyber-attack detection, such as those using expert rules and scenarios (sequences) of events. The approaches considered are analyzed according to the following criteria: the method for extracting knowledge about scenarios of system events and attacks, the method for representing scenario knowledge, the method for analyzing security events, and the security problem to be solved. The paper gives the main advantages and disadvantages of approaches to multistep cyber-attack detection, as well as possible directions of research in this area.

Keywords: intelligent systems, knowledge bases, cybersecurity, multistep attack, security events, incident management.

DOI: 10.14357/20718594230201




