CyDoc: A Framework for Detecting and Mitigating Cyberattack
Abstract
Cybersecurity has become increasingly important in many parts of our society. Nonetheless, cyberattacks continue to occur, and some are reported to lead to undesirable consequences such as financial loss, stolen military secrets, disruption of transportation services, and the like. In this thesis, we propose CyDoc, a framework for cyberattack detection and mitigation. For this proposal, we draw an analogy between the medical diagnosis and treatment of disease on the one hand and cyberattack detection and mitigation on the other. More specifically, we first propose capturing knowledge of cyberattacks in a pattern knowledge base, where knowledge of individual cyberattack instances is organized into hierarchies of cyberattack pattern classes and knowledge of the relationships between them is organized into associations. We then propose using machine learning algorithms to detect cyberattack instances against the cyberattack pattern knowledge base. To see both the strengths and weaknesses of CyDoc, we have studied a sample of cyberattacks. Our observation, at least for a limited number and range of types of cyberattacks, is that the knowledge base helps capture more knowledge of cyberattacks than would otherwise have been captured, and that the machine learning algorithms can help detect cyberattack instances.