AUTOMA: Automated Generation of Attack Hypotheses and Their Variants for Threat Hunting Using Knowledge Discovery

B Nour, M Pourzandi, RK Qureshi… - IEEE Transactions on …, 2024 - ieeexplore.ieee.org
Threat hunting is a proactive security defense line exercised to uncover attacks that could
circumvent conventional detection mechanisms. It is based on an iterative approach to …

AClog: Attack chain construction based on log correlation

T Li, J Ma, Q Pei, Y Shen, C Lin, S Ma… - 2019 IEEE Global …, 2019 - ieeexplore.ieee.org
Before the final attack happens, clandestine attackers conduct sequenced stages for being
stealthy and elusive. These attacks can leave clues in several different log files …

A survey of threat discovery and forensic analysis based on system provenance graphs

冷涛, 蔡利君, 于爱民, 朱子元, 马建刚, 李超飞… - Communications …, 2022 - infocomm-journal.com
By surveying the literature on provenance-graph research, this paper proposes a research framework for cyber threat discovery and forensic analysis based on system provenance graphs.
It reviews in detail provenance-graph-based data collection, data management, data querying and visualization methods, and proposes rule-based …

Towards event aggregation for reducing the volume of logged events during IKC stages of APT attacks

AA Ramaki, A Ghaemi-Bafghi… - arXiv preprint arXiv …, 2021 - arxiv.org
Nowadays, targeted attacks like Advanced Persistent Threats (APTs) have become one of the
major concerns of many enterprise networks. As a common approach to counter these …

RAMA: a risk assessment solution for healthcare organizations

M Smyrlis, E Floros, I Basdekis, DB Prelipcean… - International Journal of …, 2024 - Springer
Recent cyber-attacks targeting healthcare organizations underscore the growing prevalence
of the sector as a prime target for malicious activities. As healthcare systems manage and …

Discovering correlations: A formal definition of causal dependency among heterogeneous events

C Xosanavongsa, E Totel… - 2019 IEEE European …, 2019 - ieeexplore.ieee.org
In order to supervise the security of a large infrastructure, the administrator deploys multiple
sensors and intrusion detection systems on several critical places in the system. It is easier …

Forensic analysis of network attacks: Restructuring security events as graphs and identifying strongly connected sub-graphs

L Leichtnam, E Totel, N Prigent… - 2020 IEEE European …, 2020 - ieeexplore.ieee.org
When analyzing the security of activities in a highly distributed system, an analyst faces a
huge number of events, mainly coming from network supervision mechanisms. To analyze …

A comprehensive survey on data provenance: State-of-the-art approaches and their deployments for IoT security enforcement

MM Alam, W Wang - Journal of Computer Security, 2021 - content.iospress.com
Data provenance collects comprehensive information about the events and operations in a
computer system at both application and kernel levels. It provides a detailed and accurate …

A survey on threat hunting: Approaches and applications

L Chen, R Jiang, C Lin, A Li - 2022 7th IEEE International …, 2022 - ieeexplore.ieee.org
Advanced Persistent Threats (APT) have the characteristics of concealment, low frequency
and high technology integration. Threat hunting techniques can help the security analyst …

CrptAC: Find the Attack Chain with Multiple Encrypted System Logs

W Lin, J Ma, T Li, H Ye, J Zhang, Y Xiao - Electronics, 2024 - mdpi.com
Clandestine assailants infiltrate intelligent systems in smart cities and homes for different
purposes. These attacks leave clues behind in multiple logs. Systems usually upload their …