MCM-CASR: Novel Alert Correlation Framework for Cyber Attack Scenario Reconstruction Based on NLP, NER, and Semantic Similarity | |
---|---|
Author | |
Abstract | Cyber attack scenario reconstruction plays a crucial role in understanding and mitigating security breaches. In this paper, we propose a novel framework that leverages Natural Language Processing (NLP), specifically Named Entity Recognition (NER), and semantic similarity techniques to reconstruct cyber attack scenarios. By analyzing Intrusion Detection alerts, our offline approach identifies relevant entities, detects relationships between them, and measures semantic similarity to uncover hidden patterns and connections. We demonstrate the effectiveness of our framework through experimental evaluations using a public dataset. The results highlight the potential of NLP-based approaches in cyber attack scenario reconstruction. |
Year of Publication | 2023 |
Date Published | October |
Publisher | IEEE |
Conference Location | Montreal, QC, Canada |
ISBN Number | 9798350342871 |
URL | https://ieeexplore.ieee.org/document/10339751/ |
DOI | 10.1109/CSNet59123.2023.10339751 |