Investigating the Impact of Merging Sink States on Alert-Driven Attack Graphs: The effects of merging sink states with other sink states and the core of the S-PDFA

SAGE is an unsupervised sequence learning pipeline that generates alert-driven attack graphs (AGs) without the need for prior expert knowledge about existing vulnerabilities and network topology. Using a suffix-based probabilistic deterministic finite automaton (S-PDFA), it accentuates infrequent high-severity alerts without discarding frequent...

Investigating the Impact of Sink State Merging on Alert-Driven Attack Graphs: The effects of allowing the sink states to merge with other sink states

This research paper focuses on the complex domain of alert-driven attack graphs. SAGE is a tool which generates such attack graphs (AGs) by using a suffix-based probabilistic deterministic finite automaton (S-PDFA). One of the substantial properties of this algorithm is to detect infrequent severe alerts while maintaining the context of attacks...

Investigating the impact of PDFA implementation on alert-driven attack graphs: A comparison between the Suffix-based PDFA and PDFA models

SAGE is a deterministic and unsupervised learning pipeline that can generate attack graphs from intrusion alerts without input knowledge from a security analyst. Using a suffix-based probabilistic deterministic finite automaton (S-PDFA), the system compresses over 1 million alerts into less than 500 attack graphs (AGs), which are concise and...