Name
Abstract | ||
|---|---|---|
Security Operation Centers rely on data triage to identify the true "signals" from a large volume of noisy alerts and "connect the dots" to answer certain higher-level questions about the attack activities. This work aims to automatically generate data triage automatons directly from cybersecurity analysts' operation traces. Existing methods for generating data triage automatons, including Security Information and Event Management systems (SIEMs), require event correlation rules to be generated by dedicated manual effort from expert analysts. To save analysts' workloads, we propose to "mine" data triage rules out of cybersecurity analysts' operation traces and to use these rules to construct data triage automatons. Our approach may make the cost (of data triage automaton generation) orders of magnitudes smaller. We have designed and implemented the new system and evaluated it through a human-in-the-loop case study. The case study shows that our system can use the analysts' operation traces as input and automatically generate a corresponding state machine for data triage. The operation traces were collected in our previous lab experiment. 29 professional cybersecurity analysts were recruited to analyze a set of IDS alerts and firewall logs. False positive and false negative rates were calculated to evaluate the performance of the data triage state machine by comparing with the ground truth. |
Year | DOI | Venue |
|---|---|---|
2016 | 10.1109/BigDataSecurity-HPSC-IDS.2016.41 | 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS) |
Keywords | DocType | Citations |
Cybersecurity,Data Triage,Graph-Based Analysis,State Machine | Conference | 3 |
PageRank | References | Authors |
0.39 | 0 | 4 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Chen Zhong | 1 | 21 | 4.48 |
| John Yen | 2 | 404 | 31.75 |
| P. Liu | 3 | 378 | 41.58 |
| Robert F. Erbacher | 4 | 202 | 27.65 |