Abstract:
This study presents a classification and comparative analysis of intelligent system event analysis methods for the detection of multi-step cyber-attacks. Such an attack is a sequence of interrelated steps taken by an attacker pursuing a specific intrusion goal. The paper analyzes approaches to multi-step cyber-attack detection based on learning from system events, including supervised learning, unsupervised learning, and semi-supervised learning. The approaches considered are compared according to the following criteria: the method of extracting knowledge about system event and attack scenarios, the method of scenario knowledge representation, the method of security event analysis, the security problem being solved, and the data set used. The paper summarizes the main advantages and disadvantages of learning-based approaches to the detection of multi-step cyber-attacks, as well as possible directions for further research in this area.