Detecting Reconnaissance and Discovery Tactics from the MITRE ATT&CK Framework in Zeek Conn Logs Using Spark's Machine Learning in the Big Data Framework.
Apache Spark
MITRE ATT&CK® framework
Zeek Connection Logs
big data
intrusion detection systems
machine learning
network traffic analysis
Journal
Sensors (Basel, Switzerland)
ISSN: 1424-8220
Abbreviated title: Sensors (Basel)
Country: Switzerland
NLM ID: 101204366
Publication information
Publication date: 20 Oct 2022
History:
received: 2022-09-07
revised: 2022-10-17
accepted: 2022-10-18
entrez: 2022-10-27
pubmed: 2022-10-28
medline: 2022-10-29
Status: epublish
Abstract
While computer networks and the massive amount of communication taking place on these networks grow, the amount of damage that can be done by network intrusions grows in tandem. The need is for an effective and scalable intrusion detection system (IDS) to address these potential damages that come with the growth of these networks. A great deal of contemporary research on near real-time IDS focuses on applying machine learning classifiers to labeled network intrusion datasets, but these datasets need to be relevant pertaining to the currency of the network intrusions. This paper focuses on a newly created dataset,
Identifiers
pubmed: 36298351
pii: s22207999
doi: 10.3390/s22207999
pmc: PMC9610873
Publication types
Journal Article
Languages
eng
Citation subsets
IM
Grants
Agency: National Security Agency
ID: H98230-21-1-0170