| Name: | Description: | Size: | Format: |
|---|---|---|---|
| | | 2.96 MB | Adobe PDF |
Authors
Supervisor(s)
Abstract(s)
Protecting cyber-physical systems against sophisticated attacks is essential. To that effect, honeynets can be deployed to lure attackers and study their techniques. This research delves into applying machine learning techniques for attack classification and tracking in cyber-physical honeynets, leveraging datasets such as X-IIoTID and SCVIC-APT-2021. The study evaluates a broad range of machine learning models, with ensemble-based methods like Random Forest (RF) and XGBoost (XGB) demonstrating superior performance due to their robustness and ability to model complex, high-dimensional relationships. XGB, in particular, provided a strong balance between accuracy and practicality, delivering consistent results across diverse attack types in both 10-class and 17-class multi-class classification tasks. Furthermore, the study investigates the potential for APT tracking and correlation by applying clustering algorithms to the SCVIC-APT-2021 dataset. By analyzing distances between cluster centroids, the research aims to group attacks that belong to the same APT campaign, thereby enabling early-stage threat attribution. The ability to classify attacks accurately and correlate them to broader threat patterns empowers security teams with predictive capabilities, allowing for proactive defense strategies and better response coordination. Overall, this thesis provides a comprehensive analysis of OT-focused cybersecurity datasets, presents effective ML-based intrusion detection approaches, and introduces a novel direction for APT correlation, contributing valuable insights for enhancing cyber resilience in industrial environments.
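The centroid-distance correlation idea described in the abstract, as an added illustration that is not the thesis's code and does not use the SCVIC-APT-2021 dataset: attack flows are clustered, then clusters whose centroids lie within a threshold of each other are linked into one candidate campaign. The feature vectors, stage labels (`recon`, `lateral`, `exfil`, `c2`), cluster count and threshold below are all constructed assumptions chosen so the example runs offline in pure Python.

```python
"""Cluster attack flows, then link clusters by centroid distance into campaigns.

Added illustration only. Feature values, labels, k and the threshold are
assumptions; real work would use scaled features from the actual dataset.
"""
import math
import random


def make_flows(seed=1):
    """Constructed toy data: 2-D normalised flow features per attack stage.

    Two stages of an assumed campaign X sit near each other in feature space,
    as do two stages of an assumed campaign Y; X and Y are far apart.
    """
    rng = random.Random(seed)
    centres = {
        "recon":   (0.10, 0.10),  # assumed campaign X, stage 1
        "lateral": (0.30, 0.15),  # assumed campaign X, stage 2
        "exfil":   (0.90, 0.90),  # assumed campaign Y, stage 1
        "c2":      (0.75, 0.85),  # assumed campaign Y, stage 2
    }
    flows = []
    for label, (cx, cy) in centres.items():
        for _ in range(20):
            point = (cx + rng.uniform(-0.02, 0.02), cy + rng.uniform(-0.02, 0.02))
            flows.append((point, label))
    return flows


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def farthest_point_init(points, k):
    """Deterministic seeding: repeatedly pick the point farthest from all seeds."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    return centroids


def kmeans(points, k, iters=100):
    """Plain Lloyd's k-means; returns (centroids, assignment per point)."""
    centroids = farthest_point_init(points, k)
    assign = None
    for _ in range(iters):
        new_assign = [min(range(k), key=lambda c: dist(p, centroids[c])) for p in points]
        if new_assign == assign:
            break  # converged
        assign = new_assign
        for c in range(k):
            members = [p for p, a in zip(points, assign) if a == c]
            if members:
                centroids[c] = tuple(sum(v) / len(members) for v in zip(*members))
    return centroids, assign


def link_campaigns(centroids, threshold):
    """Union clusters whose centroids are within `threshold` (transitively).

    Returns sorted lists of cluster indices, one list per candidate campaign.
    """
    k = len(centroids)
    parent = list(range(k))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i in range(k):
        for j in range(i + 1, k):
            if dist(centroids[i], centroids[j]) <= threshold:
                parent[find(i)] = find(j)
    groups = {}
    for i in range(k):
        groups.setdefault(find(i), []).append(i)
    return sorted(sorted(g) for g in groups.values())


def campaigns_by_label(flows, k=4, threshold=0.3):
    """Run clustering + centroid linking and report which stage labels were linked."""
    points = [p for p, _ in flows]
    centroids, assign = kmeans(points, k)
    result = []
    for group in link_campaigns(centroids, threshold):
        labels = {label for (_, label), a in zip(flows, assign) if a in group}
        result.append(sorted(labels))
    return sorted(result)


if __name__ == "__main__":
    flows = make_flows()
    print("threshold 0.3 :", campaigns_by_label(flows, threshold=0.3))
    print("threshold 0.05:", campaigns_by_label(flows, threshold=0.05))
```

The threshold is the sensitive knob: too loose and unrelated clusters merge into one "campaign", too tight and stages of the same campaign stay separate, so it has to be calibrated against labelled data and re-checked whenever feature scaling changes. Centroid proximity alone is a correlation hint, not attribution; it should be confirmed with indicators the features do not capture, such as shared infrastructure or timing.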
Description
Master's thesis, Information Security, 2025, Universidade de Lisboa, Faculdade de Ciências
Keywords
Dataset; Attack; Machine Learning; Classification; Cluster
