Mining known attack patterns from security-related events
نویسندگان
چکیده
Managed Security Services (MSS) have become an essential asset for companies to have in order to protect their infrastructure from hacking attempts such as unauthorized behaviour, denial of service (DoS), malware propagation, and anomalies. A proliferation of attacks has determined the need for installing more network probes and collecting more security-related events in order to assure the best coverage, necessary for generating incident responses. The increase in volume of data to analyse has created a demand for specific tools that automatically correlate events and gather them in pre-defined scenarios of attacks. Motivated by Above Security, a specialized company in the sector, and by National Research Council Canada (NRC), we propose a new data mining system that employs text mining techniques to dynamically relate security-related events in order to reduce analysis time, increase the quality of the reports, and automatically build correlated scenarios. Subjects Computer Networks and Communications, Data Mining and Machine Learning, Security and Privacy
منابع مشابه
Efficient visualization of security events in a large agent society
The paper describes the design and development of an efficient visualization tool called security console for monitoring security related events in a large agent society (CougaarTM). This administrative tool is primarily used to collect and process alert messages generated by various sensors across the distributed agent society. This tool exploits the agents’ hierarchical structural for aggrega...
متن کاملAlert correlation and prediction using data mining and HMM
Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which ext...
متن کاملA study on fuzzy intrusion detection
Current intrusion detection techniques mainly focus on discovering abnormal system events in computer networks and distributed communication systems. Clustering techniques are normally utilized to determine a possible attack. Due to the uncertainty nature of intrusions, fuzzy sets play an important role in recognizing dangerous events and reducing false alarms level. This paper proposes a dynam...
متن کاملHMAC-Based Authentication Protocol: Attacks and Improvements
As a response to a growing interest in RFID systems such as Internet of Things technology along with satisfying the security of these networks, proposing secure authentication protocols are indispensable part of the system design. Hence, authentication protocols to increase security and privacy in RFID applications have gained much attention in the literature. In this study, security and privac...
متن کاملImproving Efficiency of Apriori Algorithms for Sequential Pattern Mining
ISSN 2277 5048 | © 2014 Bonfring Abstract--Computer Systems are exposed to an increasing number of different types of security threats due to the expanding of internet in recent years. How to detect network intrusions effectively becomes an important security technique. Many intrusions aren’t composed by single events, but by a series of attack steps taken in chronological order. Analyzing the ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- PeerJ Computer Science
دوره 1 شماره
صفحات -
تاریخ انتشار 2015