Research field: Safety
Venue: Scientific and Technical Information Processing
This study presents a classification and comparative analysis of intelligent methods for analyzing system events to detect multistep cyberattacks, which are sets of sequential actions by one or more attackers pursuing a specific intrusion goal. The paper analyzes approaches to detecting multistep cyberattacks that are based on knowledge bases, such as expert rules and event scenarios (sequences). The approaches are compared by the following criteria: the method for extracting knowledge about scenarios of system events and attacks, the method for representing scenario knowledge, the method for analyzing security events, and the security problem to be solved. The paper shows the main advantages and disadvantages of the approaches to detecting multistep cyberattacks, as well as possible lines of research in this area.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Russia |
| Site | Springer |
| Likes | 0 |