Data-driven Adversarial Behavior Models for Cybersecurity
Mejia-Ricart, Luis Felipe
Behavioral analysis of cyber adversaries can be used to augment existing defense mechanisms in cyberspace. The approach is concerned with early detection and prevention of cyber attacks. Maintaining adversarial behavior models makes it possible to identify repeat offenders, as well as would-be adversaries with a similar modus operandi. Using cyber threat data gathered from cyber defense competitions, we generate realistic adversarial behavior models. Defining behaviors for the model is not trivial, because the defending systems typically have only limited visibility of the adversary. The network traffic dataset used in this study is the 2018 WR-CCDC dataset. It is one of many network traffic datasets that are provided raw and unlabeled, which hinders analysis. To generate the model, we first devise a labeling and processing strategy for network traffic data so as to identify the defending systems and their adversaries. We believe the study of cyber adversarial behavior can also enable some system security automation and the sharing of organizational security intelligence, making room for collaborative Internet-wide security infrastructures.
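The abstract describes labeling raw competition traffic to separate defended systems from their adversaries and then profiling adversaries by modus operandi, without giving the strategy itself. The following is an added example, not the thesis's own code or data: it assumes the defended hosts occupy a known scoring subnet (a hypothetical 10.0.1.0/24), labels constructed flow records by role, builds a per-source behavior profile from the ports and hosts each adversary touched, and scores how similar two profiles are.

```python
"""Added example (not from the thesis): role labeling of constructed flow
records and simple per-adversary behavior profiles. Assumption: defended
hosts live in a known subnet; external sources initiating into it are
treated as adversary candidates."""
import ipaddress
from collections import Counter, defaultdict

DEFENDED_NET = ipaddress.ip_network("10.0.1.0/24")  # assumed blue-team range

# Constructed flow records: (src_ip, dst_ip, dst_port, bytes_sent)
FLOWS = [
    ("192.168.50.5", "10.0.1.10", 22, 1200),
    ("192.168.50.5", "10.0.1.11", 22, 900),
    ("192.168.50.5", "10.0.1.12", 22, 1100),
    ("192.168.50.5", "10.0.1.10", 80, 300),
    ("192.168.50.9", "10.0.1.10", 445, 5000),
    ("192.168.50.9", "10.0.1.11", 445, 4800),
    ("192.168.50.9", "10.0.1.13", 3389, 7000),
    ("192.168.60.2", "10.0.1.10", 22, 1000),
    ("192.168.60.2", "10.0.1.11", 22, 950),
    ("10.0.1.10", "10.0.1.11", 53, 100),  # internal, not adversarial
    ("10.0.1.12", "8.8.8.8", 53, 80),     # outbound from a defended host
]

def label_flows(flows, defended=DEFENDED_NET):
    """Tag each flow as internal, outbound, adversary, or unrelated."""
    labeled = []
    for src, dst, port, nbytes in flows:
        s_in = ipaddress.ip_address(src) in defended
        d_in = ipaddress.ip_address(dst) in defended
        role = ("internal" if s_in and d_in else "outbound" if s_in
                else "adversary" if d_in else "unrelated")
        labeled.append((role, src, dst, port, nbytes))
    return labeled

def behavior_profiles(labeled):
    """Per adversary: normalized port-usage distribution and hosts touched."""
    ports, hosts = defaultdict(Counter), defaultdict(set)
    for role, src, dst, port, _ in labeled:
        if role == "adversary":
            ports[src][port] += 1
            hosts[src].add(dst)
    return {src: {"ports": {p: n / sum(c.values()) for p, n in c.items()},
                  "hosts": hosts[src]} for src, c in ports.items()}

def similarity(p, q):
    """Overlap of two port distributions (sum of minimum shares), 0..1."""
    keys = set(p["ports"]) | set(q["ports"])
    return sum(min(p["ports"].get(k, 0), q["ports"].get(k, 0)) for k in keys)

if __name__ == "__main__":
    for src, prof in behavior_profiles(label_flows(FLOWS)).items():
        print(src, prof)
```

In this constructed data, 192.168.50.5 and 192.168.60.2 share an SSH-centric profile (overlap 0.75), whereas 192.168.50.9 targets SMB and RDP only (overlap 0), which is the kind of grouping a modus-operandi model would surface.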