Open Access Review

Systematic Review and Quantitative Comparison of Cyberattack Scenario Detection and Projection

University of Zagreb, Faculty of Electrical Engineering and Computing, Unska 3, HR-10000 Zagreb, Croatia
* Author to whom correspondence should be addressed.
Electronics 2020, 9(10), 1722; https://doi.org/10.3390/electronics9101722
Received: 15 September 2020 / Revised: 13 October 2020 / Accepted: 15 October 2020 / Published: 19 October 2020
(This article belongs to the Special Issue Advanced Cybersecurity Services Design)
Intrusion Detection Systems (IDSs) automatically analyze event logs and network traffic in order to detect malicious activity and policy violations. Because IDSs produce a large number of false positives and false negatives, and the technical nature of their alerts requires a lot of manual analysis, researchers have proposed approaches that automate the analysis of alerts to detect large-scale attacks and predict the attacker's next steps. Unfortunately, many such approaches use unique datasets and success metrics, making comparison difficult. This survey provides an overview of the state of the art in detecting and projecting cyberattack scenarios, with a focus on evaluation and the corresponding metrics. Representative papers are collected using Google Scholar and Scopus searches. Mutually comparable success metrics are calculated and several comparison tables are provided. Our results show that commonly used metrics are saturated on popular datasets and cannot assess the practical usability of the approaches. In addition, approaches with knowledge bases require constant maintenance, while data mining and ML approaches depend on the quality of available datasets, which, at the time of writing, are not representative enough to provide general knowledge regarding attack scenarios, so more emphasis needs to be placed on researching the behavior of attackers.
Keywords: targeted attacks; attack scenario; intrusion detection; alert correlation; cyber situational awareness; attack projection
MDPI and ACS Style

Kovačević, I.; Groš, S.; Slovenec, K. Systematic Review and Quantitative Comparison of Cyberattack Scenario Detection and Projection. Electronics 2020, 9, 1722.