Evaluation of a Graphical Attack Fingerprint Model and Comparison against the Snort IDS
Saropourian, Behnaz

Today, the number of targeted attacks has increased dramatically, and the attacks have grown in sophistication and diversity. It is imperative to deploy effective and proactive countermeasures that can help mitigate the threats to organizations and citizens. The Activity and Event Network (AEN) is a new knowledge graph that uses graph database technology to model security-relevant network data items and their relationships as they change through time, and to apply various threat detection techniques on top of that model. The purpose of this project is to evaluate the performance of one of the AEN threat detection techniques, which is based on graph-based attack fingerprints or signatures, and to compare it with the Snort IDS, a popular signature-based IDS. The evaluation was conducted using the CICIDS2017 public dataset, and the strengths and limitations of the fingerprint model are discussed, paving the way for future improvements.
Activity and Event Network (AEN), Snort IDS, CICIDS2017, Graph-based Attack Fingerprints