A METHOD FOR CLASSIFYING ATTACK SOURCES IN CYBER-ATTACK SENSOR SYSTEMS

摘要

A system for classifying sources of cyber-attacks in attack-sensor systems by analyzing attack metadata, comprising at least one processor adapted to obtain metadata from data regarding attacks in the form of access operations to the system, which is monitored by one or more sensors deployed within the sensor-based system; filter portions of data from the metadata for reaching a desirable dataset for modeling; create attack sessions that aggregate the atomic attacks per each attacker; extract statistical features for a learning phase; label attack sessions with an appropriate source attack label; generate a class modeler based on the extracted features and the labels; and store the class modeler in a memory.