CLUSTER-BASED PRECISION MITIGATION OF NETWORK ATTACKS

Abstract

Provided are methods and systems for cluster-based mitigation of a network attack. A method for cluster-based mitigation of a network attack may commence with detecting an unusual pattern in network data traffic associated with data sources. The method may further include extracting signature parameters associated with the network data traffic. The signature parameters may be indicative of the network attack. The method may continue with assigning importance weights to the signature parameters based on historical signature data to generate weighted signature parameters. The method may further include building a decision tree for the data sources based on the weighted signature parameters. The method may continue with creating an optimal number of clusters for the data sources based on an analysis of the decision tree. The method may further include selectively taking at least one mitigating action with regard to the data sources within the clusters.
