Online Intrusion Alert Aggregation with Generative Data Stream Modeling
Alert aggregation is an important subtask of intrusion detection. The goal is to identify and cluster the different alerts produced by low-level intrusion detection systems, firewalls, etc. that belong to a specific attack instance initiated by an attacker at a certain point in time. Meta-alerts can then be generated for these clusters that contain all the relevant information, while the amount of data (i.e., the number of alerts) is reduced substantially. Meta-alerts may then serve as the basis for reporting to security experts or for communication within a distributed intrusion detection system.
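The clustering step described above, as an added illustration that is not the paper's own method: the paper's generative data stream model is not reproduced here; instead an assumed, much simpler online heuristic groups alerts from several sensors into one attack instance when they share source, destination and signature and arrive within a time window, then emits one meta-alert per cluster. The alert records and sensor names are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

@dataclass
class Alert:
    ts: float       # seconds (constructed sample values below)
    sensor: str     # low-level source: IDS sensor, firewall, ...
    src: str
    dst: str
    sig: str        # signature / attack class reported by the sensor

@dataclass
class MetaAlert:
    src: str
    dst: str
    sig: str
    first_seen: float
    last_seen: float
    count: int = 0                          # alerts merged into this instance
    sensors: set = field(default_factory=set)

class OnlineAggregator:
    """Assumed heuristic (not the paper's model): alerts with the same
    (src, dst, sig) within `window` seconds of the cluster's last alert
    belong to one attack instance; older clusters are closed."""
    def __init__(self, window: float = 60.0):
        self.window = window
        self.open: Dict[Tuple[str, str, str], MetaAlert] = {}
        self.closed: List[MetaAlert] = []

    def push(self, a: Alert) -> None:
        key = (a.src, a.dst, a.sig)
        m = self.open.get(key)
        if m is not None and a.ts - m.last_seen > self.window:
            self.closed.append(self.open.pop(key))   # stale: start a new instance
            m = None
        if m is None:
            m = self.open[key] = MetaAlert(a.src, a.dst, a.sig, a.ts, a.ts)
        m.last_seen = max(m.last_seen, a.ts)
        m.count += 1
        m.sensors.add(a.sensor)

    def flush(self) -> List[MetaAlert]:
        self.closed.extend(self.open.values())
        self.open.clear()
        return sorted(self.closed, key=lambda m: m.first_seen)

SAMPLE = [  # constructed: one scan seen by three sensors, a separate alert, a late repeat
    Alert(0, "snort-1", "10.0.0.5", "10.0.1.10", "PORTSCAN"),
    Alert(2, "snort-2", "10.0.0.5", "10.0.1.10", "PORTSCAN"),
    Alert(5, "fw-1", "10.0.0.5", "10.0.1.10", "PORTSCAN"),
    Alert(30, "snort-1", "10.0.0.9", "10.0.1.20", "SQLI"),
    Alert(400, "snort-1", "10.0.0.5", "10.0.1.10", "PORTSCAN"),
]

def aggregate(alerts=SAMPLE, window=60.0) -> List[MetaAlert]:
    agg = OnlineAggregator(window)
    for a in sorted(alerts, key=lambda x: x.ts):   # process as a stream
        agg.push(a)
    return agg.flush()   # 5 alerts -> 3 meta-alerts
```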