Title: Investigating the impact of PDFA implementation on alert-driven attack graphs: A comparison between the Suffix-based PDFA and PDFA models
Author: Oprea, Ioan (TU Delft Electrical Engineering, Mathematics and Computer Science)
Contributor: Verwer, S.E. (mentor); Nadeem, A. (mentor); Katsifodimos, A (graduation committee)
Degree granting institution: Delft University of Technology
Programme: Computer Science and Engineering
Project: CSE3000 Research Project
Date: 2023-06-28

Abstract

SAGE is a deterministic and unsupervised learning pipeline that can generate attack graphs from intrusion alerts without input knowledge from a security analyst. Using a suffix-based probabilistic deterministic finite automaton (S-PDFA), the system compresses over 1 million alerts into less than 500 attack graphs (AGs), which are concise and manageable. Unlike other frequency analysis methods, SAGE does not discard infrequent high-severity alerts, which are crucial for learning the penetration strategies of attackers. This paper compares the baseline algorithm (i.e. S-PDFA) with a modelling assumption generated by swapping the S-PDFA with a PDFA. The aim is to validate the quality of SAGE and propose possible solutions for PDFA usage, allowing the algorithm to generate AGs in real-time. We compare them both quantitatively and qualitatively using size, complexity, completeness and interpretability metrics. Our findings show that AGs generated by the PDFA are more readable and as complete while being slightly larger (i.e. 16% larger) than the baseline S-PDFA. In certain cases, it can also better capture different attack strategies, proving that, if further optimized, it can perform better than the baseline.
Subject: attack graph; S-PDFA; PDFA; cybersecurity; intrusion alerts
To reference this document use: http://resolver.tudelft.nl/uuid:a51db672-a286-4568-85db-05ecbae3cca5
Part of collection: Student theses
Document type: bachelor thesis
Rights: © 2023 Ioan Oprea
Files: PDF Licen_automatic_i_calcula ... _Oprea.pdf (3.16 MB)