Real Time Multistage Attack Detection Leveraging Machine Learning and MITRE Framework

Yuvraj Sanjayrao Takey, Sai Gopal Tatikayala, M. U. Patil, Lakshmi Eswari P. R, Satyanadha Sarma Samavedam
DOI: 10.1109/SMART55829.2022.10047248 (https://doi.org/10.1109/SMART55829.2022.10047248)
Published in: 2022 11th International Conference on System Modeling & Advancement in Research Trends (SMART)
Publication date: 2022-12-16
Citation count: 0

Abstract

Organizations, regardless of their size, are rapidly transforming, adopting and embracing digitalization amid the COVID pandemic. The pandemic forced organizations to rationalize offline operations and shift towards online operations. Many organizations have digitized their services and have witnessed increasing multistage cyber-attacks. Further, many organizations have enabled remote access to enterprise resources and services. As a result, organizations are striving to defend against multistage cyber-attacks. These multistage attacks often spread across many stages, which is best described by the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework. There are many research efforts on static detection of malicious binaries, but very little research targeting run-time detection of malicious processes in the system. Detection of these malicious processes is key for identifying new variants of multistage attacks or malware in the real world. This paper proposes a system for detecting multistage attacks in real time (at run time) by leveraging machine learning and the MITRE ATT&CK Framework. Machine learning facilitates detecting the malicious process in the system, and the MITRE ATT&CK framework offers insight into adversary techniques. The combination of these two is very effective in detecting multistage attacks and identifying individual stages. The proposed system shows promising results when tested on real-time/latest malware. Test results show that our system can achieve 95.83% accuracy. This paper discusses the challenges in detection of runtime malware, dataset generation