Publications
Regex-based linkography abstraction refinement for information security
Kothapalli, Abhiram; Mitchell, Robert
Linkographs have been used in the past to model behavioral patterns for creative professionals. Recently, linkographs have been applied to the context of cyber security to study the behavioral patterns of remote attackers of cyber systems. We propose a human supervised algorithm that refines abstractions to be used for linkographic analysis of common attack patterns. The refinement algorithm attempts to maximize the accuracy of computer-derived linkographs by optimally merging and splitting abstraction classes, represented as regular expressions (regexes). We first describe an algorithm to select and perform a globally optimal merge of two abstraction classes. We then describe a counterpart algorithm to select and split a single abstraction class into two separate ones. We cast a regex as a conjunction of disjunctions and refine it by adding and removing conjunctive and disjunctive elements. We also show how to use the Stoer-Wagner algorithm, normally used for least cost cuts of graphs, to create two optimal subsets of a set of elements.
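The abstract says a single abstraction class (a regex written as a disjunction of literal elements) is split into two by running Stoer-Wagner, the classic global minimum-cut algorithm, over its elements. The following is an added illustration of that step, not code from the paper: it treats each disjunctive element as a graph vertex, uses constructed co-occurrence weights (how often two elements appear in the same attacker session) as edge weights, and cuts the class where the least linkage is lost. The element names, the weights, and the idea of weighting edges by session co-occurrence are assumptions made for the example.

```python
import re

# Constructed sample: one abstraction class with six disjunctive elements
# (shell commands seen in attacker sessions) and assumed pairwise
# co-occurrence weights. Heavier edges mean the two elements tend to
# appear together and should stay in the same class.
ELEMENTS = ["ls", "cat", "id", "wget", "curl", "chmod"]
COOCCURRENCE = [
    ("ls", "cat", 6), ("ls", "id", 5), ("cat", "id", 4),        # recon cluster
    ("wget", "curl", 6), ("wget", "chmod", 5), ("curl", "chmod", 4),  # fetch/exec cluster
    ("id", "wget", 1), ("cat", "curl", 2),                      # weak cross links
]


def stoer_wagner(nodes, edges):
    """Global minimum cut (Stoer-Wagner). Returns (cut_weight, one side)."""
    n = len(nodes)
    idx = {v: i for i, v in enumerate(nodes)}
    w = [[0.0] * n for _ in range(n)]
    for a, b, wt in edges:
        i, j = idx[a], idx[b]
        w[i][j] += wt
        w[j][i] += wt
    groups = [[v] for v in nodes]       # original vertices merged into each supervertex
    active = list(range(n))
    best_cut, best_side = float("inf"), None

    while len(active) > 1:
        # Maximum-adjacency ordering: repeatedly add the vertex most tightly
        # connected to the set already ordered.
        start = active[0]
        order = [start]
        weight_to = {v: w[start][v] for v in active if v != start}
        remaining = set(active) - {start}
        while remaining:
            nxt = max(remaining, key=lambda v: weight_to[v])
            order.append(nxt)
            remaining.remove(nxt)
            for v in remaining:
                weight_to[v] += w[nxt][v]
        s, t = order[-2], order[-1]
        # Cut-of-the-phase: everything attached to the last vertex t.
        cut_weight = sum(w[t][v] for v in active if v != t)
        if cut_weight < best_cut:
            best_cut, best_side = cut_weight, list(groups[t])
        # Merge t into s and continue with one fewer vertex.
        for v in active:
            w[s][v] += w[t][v]
            w[v][s] = w[s][v]
        w[s][s] = 0.0
        groups[s].extend(groups[t])
        active.remove(t)
    return best_cut, sorted(best_side)


def split_class(elements, cooccurrence):
    """Split one disjunctive regex class into two along the minimum cut.

    Returns (lost_weight, side_a, side_b, regex_a, regex_b).
    """
    cut, side_a = stoer_wagner(elements, cooccurrence)
    side_b = [e for e in elements if e not in side_a]
    to_regex = lambda elems: "(" + "|".join(re.escape(e) for e in elems) + ")"
    return cut, side_a, side_b, to_regex(side_a), to_regex(side_b)


if __name__ == "__main__":
    lost, a, b, ra, rb = split_class(ELEMENTS, COOCCURRENCE)
    print(f"co-occurrence weight lost by the split: {lost}")
    print(f"class A: {ra}")
    print(f"class B: {rb}")
```

With the constructed weights the cut severs only the two weak cross links (total weight 3), yielding a recon class `(ls|cat|id)` and a fetch-and-execute class `(wget|curl|chmod)`; which side is reported first depends on merge order, so callers should treat the two sides symmetrically. A disconnected element graph yields a cut of weight 0, which is the degenerate case of a class that should have been two classes all along.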