Další formáty:
BibTeX
LaTeX
RIS
@article{1631616, author = {Husák, Martin and Bajtoš, Tomáš and Kašpar, Jaroslav and BouandHarb, Elias and Čeleda, Pavel}, article_number = {4}, doi = {http://dx.doi.org/10.1145/3386250}, keywords = {data mining;situational awareness;intrusion detection;attack prediction}, language = {eng}, issn = {2158-656X}, journal = {ACM Transactions on Management Information Systems}, title = {Predictive Cyber Situational Awareness and Personalized Blacklisting: A Sequential Rule Mining Approach}, url = {https://dl.acm.org/doi/10.1145/3386250}, volume = {11}, year = {2020} }
TY - JOUR ID - 1631616 AU - Husák, Martin - Bajtoš, Tomáš - Kašpar, Jaroslav - Bou-Harb, Elias - Čeleda, Pavel PY - 2020 TI - Predictive Cyber Situational Awareness and Personalized Blacklisting: A Sequential Rule Mining Approach JF - ACM Transactions on Management Information Systems VL - 11 IS - 4 SP - 1-16 EP - 1-16 PB - Association for Computing Machinery SN - 2158656X KW - data mining;situational awareness;intrusion detection;attack prediction UR - https://dl.acm.org/doi/10.1145/3386250 L2 - https://dl.acm.org/doi/10.1145/3386250 N2 - Cybersecurity adopts data mining for its ability to extract concealed and indistinct patterns in the data, such as for the needs of alert correlation. Inferring common attack patterns and rules from the alerts helps in understanding the threat landscape for the defenders and allows for the realization of cyber situational awareness, including the projection of ongoing attacks. In this paper, we explore the use of data mining, namely sequential rule mining, in the analysis of intrusion detection alerts. We employed a dataset of 12 million alerts from 34 intrusion detection systems in 3 organizations gathered in an alert sharing platform, and processed it using our analytical framework. We execute the mining of sequential rules that we use to predict security events, which we utilize to create a predictive blacklist. Thus, the recipients of the data from the sharing platform will receive only a small number of alerts of events that are likely to occur instead of a large number of alerts of past events. The predictive blacklist has the size of only 3 % of the raw data, and more than 60 % of its entries are shown to be successful in performing accurate predictions in operational, real-world settings. ER -
HUSÁK, Martin, Tomáš BAJTOŠ, Jaroslav KAŠPAR, Elias BOU-HARB a Pavel ČELEDA. Predictive Cyber Situational Awareness and Personalized Blacklisting: A Sequential Rule Mining Approach. \textit{ACM Transactions on Management Information Systems}. Association for Computing Machinery, 2020, roč.~11, č.~4, s.~1-16. ISSN~2158-656X. Dostupné z: https://dx.doi.org/10.1145/3386250.
|