Name
Abstract | ||
|---|---|---|
A substantial amount of cyber security analyst time is spent handling well-known and naïve threats and policy violations on the local network. This includes both the time spent actually identifying and analyzing the activity as well as generating and filing reports associated with the activity. With increasing concern over advanced persistent threats, there is an interest in the development of techniques to automatically handle well-known threats and policy violations. We propose extensions to existing case-based reasoning approaches to support the unique requirements of cyber security report generation. Specifically, we consider the fact that we are reporting on hostile actors that will attempt to game the system or manipulate the system to actually aid the actors in obfuscating their activity. In this paper, we describe the need for automated reporting, the applicability of case-based reasoning, our proposed extension to the standard case-based reasoning system model, and provide examples of the modified case-based reasoning system as applied to example cyber security scenarios. |
Year | DOI | Venue |
|---|---|---|
2012 | 10.1109/CyberSecurity.2012.31 | Cyber Security |
Keywords | Field | DocType |
automated reporting,cyber security analyst time,well-known threat,example cyber security scenario,case-based reasoning,standard case-based reasoning system,policy violation,cyber security report generation,case-based reasoning approach,network alert reporting,modified case-based reasoning system,local area networks,cyber security,case based reasoning,computer network security | Network security policy,Computer security,Network security,Local area network,Engineering,Reasoning system,Case-based reasoning | Conference |
ISBN | Citations | PageRank |
978-1-4799-0219-4 | 4 | 0.52 |
References | Authors | |
9 | 2 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Robert F. Erbacher | 1 | 202 | 27.65 |
| Steve Hutchinson | 2 | 21 | 4.59 |