Journal: COMPUTERS & SECURITY
Volume 76, Pages 214-249
Publisher: ELSEVIER ADVANCED TECHNOLOGY
DOI: 10.1016/j.cose.2018.03.001
Keywords
Advanced persistent threat; Event correlation; Intrusion detection system; Multi-stage attack; Multi-step attack; Network security
Funding
- French Banque Publique d'Investissement (BPI) [FUI-AAP-19]
- ICube SENSAI Project
Abstract
Since the beginning of the Internet, cyberattacks have threatened users and organisations, and they have grown more complex alongside computer networks. Nowadays, attackers need to perform several intrusion steps to reach their final objective. The set of these steps is known as a multi-step attack, multi-stage attack or attack scenario. Their multi-step nature hinders intrusion detection, as more than one action must be correlated to understand the attack strategy and identify the threat. Since the beginning of the 2000s, the security research community has tried to propose solutions to detect this kind of threat and to predict further steps. This survey aims to gather all the publications proposing multi-step attack detection methods. We focus on methods that go beyond the detection of a single symptom and try to reveal the whole structure of the attack and the links between its steps. We follow a systematic approach to bibliographic research in order to identify the relevant literature. Our effort results in a corpus of 181 publications covering 119 methods, which we describe and classify. The analysis of the publications allows us to draw some conclusions about the state of research in multi-step attack detection. As far as we know, this is the first survey fully dedicated to multi-step attack detection methods as mechanisms to reveal attack scenarios composed of the digital traces left by attackers. (C) 2018 Elsevier Ltd. All rights reserved.