
| Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Lefoane, Moemedi | |
| dc.contributor.author | Ghafir, Ibrahim | |
| dc.contributor.author | Kabir, Sohag | |
| dc.contributor.author | Awan, Irfan U. | |
| dc.date.accessioned | 2023-12-19T16:58:44Z | |
| dc.date.accessioned | 2024-01-22T12:42:57Z | |
| dc.date.available | 2023-12-19T16:58:44Z | |
| dc.date.available | 2024-01-22T12:42:57Z | |
| dc.date.issued | 2023-12 | |
| dc.identifier.citation | Lefoane M, Ghafir I, Kabir S et al (2023) Latent Dirichlet Allocation for the Detection of Multi-Stage Attacks. The 24th International Arab Conference on Information Technology. 6-8 Dec, Ajman, UAE. | en_US |
| dc.identifier.uri | http://hdl.handle.net/10454/19768 | |
| dc.description | No | en_US |
| dc.description.abstract | The rapid shift and increase in remote access to organisation resources have led to a significant increase in the number of attack vectors and attack surfaces, which in turn has motivated the development of newer and more sophisticated cyber-attacks. Such attacks include Multi-Stage Attacks (MSAs). In MSAs, the attack is executed through several stages. Classifying malicious traffic into stages to get more information about the attack life-cycle becomes a challenge. This paper proposes a malicious traffic clustering approach based on Latent Dirichlet Allocation (LDA). LDA is a topic modelling approach used in natural language processing to address similar problems. The proposed approach is unsupervised learning and therefore will be beneficial in scenarios where traffic data is not labeled and analysis needs to be performed. The proposed approach uncovers intrinsic contexts that relate to different categories of attack stages in MSAs. These are vital insights needed across different areas of cybersecurity teams like Incident Response (IR) within the Security Operations Center (SOC); the insights uncovered could have a positive impact in ensuring that attacks are detected at early stages in MSAs. Besides, for IR, these insights help to understand the attack behavioural patterns and lead to reduced time in recovery following an incident. The proposed approach is evaluated on a publicly available MSAs dataset. The performance results are promising as evidenced by over 99% accuracy in identified malicious traffic clusters. | en_US |
| dc.language.iso | en | en_US |
| dc.relation.isreferencedby | https://www.acit2k.org/ACIT/index.php/about-acit-2023 | en_US |
| dc.subject | Multi-stage attack | en_US |
| dc.subject | Network security | en_US |
| dc.subject | Intrusion detection system | en_US |
| dc.subject | Latent dirichlet allocation | en_US |
| dc.subject | Topic modelling | en_US |
| dc.title | Latent Dirichlet Allocation for the Detection of Multi-Stage Attacks | en_US |
| dc.status.refereed | Yes | en_US |
| dc.date.Accepted | 2023-10-29 | |
| dc.type | Conference paper | en_US |
| dc.type.version | No full-text in the repository | en_US |
| dc.rights.license | Unspecified | en_US |
| dc.date.updated | 2023-12-19T16:58:47Z | |
| refterms.dateFOA | 2024-01-22T12:43:35Z | |
| dc.openaccess.status | closedAccess | en_US |


Item file(s)

Name: Latent_Dirichlet_Allocation_fo ...
Size: 520.6Kb
Format: PDF
