Understanding Attackers' Time-variant Pattern Changes in Cyber-Deception by Utilizing Deep Learning, Time-series Analysis, and Imaging Processing
Abstract
Since cyber-attacks are dynamic and attackers always attempt to compromise computer network systems to gain unauthorized access for controlling and gathering confidential and valuable information, understanding their behaviors has been emphasized to secure our computing resources and information. Recently, deception technology has gained substantial attention in cybersecurity because it provides ways of collecting attackers' intrusive activities to analyze them. A commonly used deception approach is operating honeypots as decoy systems to lure attackers and collect their activities (i.e., hacking attempts to gain unauthorized access to computing systems) without being noticed. Various deception-based strategies have been proposed and adopted as mainstream proactive cyber defense techniques to protect computing or network systems. However, several research challenges remain unaddressed because recent advancements in cybersecurity and technologies cause continuous changes in attackers' intrusive activities. Thus, continuously tracking and evaluating their behavior patterns has become a significant research challenge in cybersecurity to protect the computing infrastructures by reducing vulnerability. Cyber attackers continuously make numerous consecutive network connections to intrude into organizations' networks. Therefore, analyzing network events without considering their temporal information may limit understanding of attackers' intrusive activities. Also, since attackers' behaviors have become highly sophisticated and their ability to bypass decoy systems continuously advances, detecting their activity behaviors and understanding their evolving behaviors is still considered a significant research challenge. Thus, understanding the variations of network events in a temporal domain by utilizing advanced techniques, such as artificial intelligence and visual analytics, is imperative to advance the capability of understanding them effectively.
It is also critical to predict future network traffic events, detect attackers' behaviors, and determine the severity of network events in a temporal domain to advance the current approach of analyzing and understanding attackers' intrusive activities. Overall, this research introduces an approach to monitoring attackers' activities over time by determining their possible future behaviors, which eventually supports us in developing advanced defensive strategies and actions. This project aims to design a new approach for proactively detecting attackers' time-variant pattern changes by integrating deep learning with a supporting combination of time series analysis, image processing techniques, and visual analysis. Thus, the approach predicts the frequencies of future network events, identifies the severity of network events as attack risk levels, measures the similarities of the severity, and produces a visual representation of the severity. The approach can improve the understanding of attackers' behaviors by providing both attack risks of network events' similarities and early warning by minimizing human intervention to support system administrators in preparing for possible attacks and developing advanced defensive strategies and actions.
Document Details
- Document Type: DoD Grant Award
- Publication Date: Jul 28, 2023
- Source ID: W911NF2310217
Entities
People
- Soo-Yeon Ji
Organizations
- Army Contracting Command
- Bowie State University
- Office of the Secretary of Defense