Building a dataset through attack pattern modeling and analysis system

Abstract

The different types of cyber-attacks on information and telecommunications systems are becoming increasingly sophisticated and complex, with several defined phases (attack pattern). Therefore, it is necessary to research and develop new infrastructures to understand and detect them. This work addresses the design and implementation of a system capable of detecting, analyzing, modeling and visualizing attack patterns in real time to build a dataset with labeled events attacks. The system consists of the three subsystems, detection of attack events subsystem; attack events analysis subsystem to model active patterns based on Common Attack Pattern Enumeration and Classification (CAPEC) definitions; and the attack pattern visualization subsystem. The results obtained from the attacks carried out over a period of six months under a series of assumptions are shown. These results have allowed the construction of a dataset with attack events labelled according to the possible attack patterns to which they belong. The developed system can provide an organization with a very real situational awareness of the cybersecurity situation.