Title
On the Detection of Persistent Attacks using Alert Graphs and Event Feature Embeddings.
Abstract
Intrusion Detection Systems (IDS) generate a high volume of alerts that security analysts do not have the resources to explore fully. Modelling attacks, especially the coordinated campaigns of Advanced Persistent Threats (APTs), in a visually-interpretable way is a useful approach for network security. Graph models combine multiple alerts and are well suited for visualization and interpretation, increasing security effectiveness. In this paper, we use feature embeddings, learned from network event logs, and community detection to construct and segment alert graphs of related alerts and network hosts. We posit that such graphs can aid security analysts in investigating alerts and may capture multiple aspects of an APT attack. The eventual goal of this approach is to construct interpretable attack graphs and extract causality information to identify coordinated attacks.
Year: 2020
DOI: 10.1109/NOMS47738.2020.9110439
Venue: NOMS
DocType: Conference
Citations: 1
PageRank: 0.36
References: 0
Authors: 4

Name                 Order  Citations  PageRank
Benjamin Burr        1      1          0.36
Shelly Wang          2      1          0.36
Geoff Salmon         3      1          0.36
Hazem M. Soliman     4      1          0.36