CyDoc : A Framework for Detecting and Mitigating Cyberattack

Abstract

Cybersecurity has increasingly become important in many parts of our society. Nonetheless, cyberattacks continue to occur, which sometimes are reported to lead to undesirable consequences, such as financial loss, stolen military secrets, disruption in transportation services, and the like. In this thesis, we propose CyDoc, a framework for cyberattack detection and mitigation. For this proposal, we draw an analogy of medical diagnosis of disease and treatment respectively to cyberattack detection and mitigation. More specifically, we firstly propose capturing knowledge of cyberattacks in terms of a pattern knowledge base, where knowledge of individual cyberattack instances are organized into hierarchies of cyberattack pattern classes and knowledge of relationships between them into associations. We then propose utilizing machine learning algorithms in detecting cyberattack instances against the cyberattack pattern knowledge base. To see both the strengths and weaknesses of CyDoc, we have studied some samples of cyberattacks. Our observation, at least for a limited number and types of cyberattacks, is that our knowledge base helps capture more knowledge of cyberattacks than otherwise would have been, and also the machine learning algorithms can help detect cyberattack instances.