Paper Info
Title
HuMa: A Multi-layer Framework for Threat Analysis in a Heterogeneous Log Environment.
Abstract
The advent of massive and highly heterogeneous information systems poses major challenges to professionals responsible for IT security. The huge amount of monitoring data currently being generated means that no human being or group of human beings can cope with their analysis. Furthermore, fully automated tools still lack the ability to track the associated events in a fine-grained and reliable way. Here, we propose the HuMa framework for detailed and reliable analysis of large amounts of data for security purposes. HuMa uses a multi-analysis approach to study complex security events in a large set of logs. It is organized around three layers: the event layer, the context and attack pattern layer, and the assessment layer. We describe the framework components and the set of complementary algorithms for security assessment. We also provide an evaluation of the contribution of the context and attack pattern layer to security investigation.
Year
DOI
Venue
2017
10.1007/978-3-319-75650-9_10
Lecture Notes in Computer Science
Keywords
Field
DocType
Security knowledge,Cognitive computing,Cybersecurity,Log analysis
Information system,Multi layer,Control engineering,Engineering,Cognitive computing,Security assessment,Distributed computing
Conference
Volume
ISSN
Citations 
10723
0302-9743
2
PageRank 
References 
Authors
0.38
11
13
Name
Order
Citations
PageRank
Julio Navarro1101.98
Véronique Legrand230.77
Sofiane Lagraa3287.48
Jérôme François417021.81
Abdelkader Lahmadi59018.46
Giulia De Santis620.72
Olivier Festor766585.40
Nadira Lammari815745.42
Fayçal Hamdi96612.27
Aline Deruyver107711.56
Quentin Goux1120.38
Morgan Allard1220.38
Pierre Parrend137312.64