Incorporating Taxonomies of Cyber Incidents Into Detection Networks for Improved Detection Performance
By: Ryan Warnick
Potential Business Impact:
Finds best ways to spot online bad guys.
Many taxonomies exist to organize cybercrime incidents into ontological categories. We examine some of the taxonomies introduced in the literature, providing a framework and analysis of how best to leverage different taxonomy structures to optimize the performance of detections targeting various types of threat-actor behaviors, measured in terms of precision and recall. Networks of detections are studied, and results are outlined showing properties of networks of interconnected detections. Illustrations show how the construction of sets of detections to prevent broader types of attacks is limited by trade-offs between precision and recall under constraints. An equilibrium result is proven and validated on simulations, illustrating the existence of an optimal detection design strategy in this framework.