Robust Attack Graph Generation
Dennis Mouwen, Sicco Verwer, Azqa Nadeem

TL;DR
This paper introduces a robust automaton learning method that improves model resilience to noisy input sequences, enabling better modeling of both frequent and infrequent behaviors in attacker modeling from intrusion alerts.
Contribution
The proposed iterative alignment and re-learning approach enhances automaton models to handle noise and infrequent sequences, improving robustness and conciseness.
Findings
Models handle noise such as added or removed symbols effectively.
Learned models are more concise and fit training data better.
Method improves attacker behavior modeling from intrusion alerts.
Abstract
We present a method to learn automaton models that are more robust to input modifications. It iteratively aligns sequences to a learned model, modifies the sequences to their aligned versions, and re-learns the model. Automaton learning algorithms are typically very good at modeling the frequent behavior of a software system. Our solution can be used to also learn the behavior present in infrequent sequences, as these will be aligned to the frequent ones represented by the model. We apply our method to the SAGE tool for modeling attacker behavior from intrusion alerts. In experiments, we demonstrate that our algorithm learns models that can handle noise such as added and removed symbols from sequences. Furthermore, it learns more concise models that fit better to the training data.
Taxonomy
Topics: Software Engineering Research · Advanced Malware Detection Techniques · Software Testing and Debugging Techniques
