MCM-CASR: Novel Alert Correlation Framework for Cyber Attack Scenario Reconstruction Based on NLP, NER, and Semantic Similarity
Author
Abstract

Cyber attack scenario reconstruction plays a crucial role in understanding and mitigating security breaches. In this paper, we propose a novel framework that leverages Natural Language Processing (NLP), specifically Named Entity Recognition (NER), and semantic similarity techniques to reconstruct cyber attack scenarios. By analyzing Intrusion Detection alerts, our offline approach identifies relevant entities, detects relationships between them, and measures semantic similarity to uncover hidden patterns and connections. We demonstrate the effectiveness of our framework through experimental evaluations using a public dataset. The results highlight the potential of NLP-based approaches in cyber attack scenario reconstruction.

Year of Publication
2023
Date Published
October
Publisher
IEEE
Conference Location
Montreal, QC, Canada
ISBN Number
9798350342871
URL
https://ieeexplore.ieee.org/document/10339751/
DOI
10.1109/CSNet59123.2023.10339751