A systematic mapping study on intrusion alert analysis in intrusion detection systems

AA Ramaki, A Rasoolzadegan, AG Bafghi - ACM computing surveys …, 2018 - dl.acm.org
Intrusion alert analysis is an attractive and active topic in the area of intrusion detection
systems. In recent decades, many research communities have been working in this field …

OMMA: open architecture for Operator-guided Monitoring of Multi-step Attacks

J Navarro, V Legrand, A Deruyver… - EURASIP Journal on …, 2018 - Springer
Current attacks are complex and stealthy. The recent WannaCry malware campaign
demonstrates that this is true not only for targeted operations, but also for massive attacks …

Multi-step attack pattern detection on normalized event logs

D Jaeger, M Ussath, F Cheng… - 2015 IEEE 2nd …, 2015 - ieeexplore.ieee.org
Looking at recent cyber-attacks in the news, a growing complexity and sophistication of
attack techniques can be observed. Many of these attacks are performed in multiple steps to …

Automated Event Log Analysis with Causal Dependency Graphs for Impact Assessment of Business Processes

M Raptaki, G Stergiopoulos, D Gritzalis - IEEE Access, 2024 - ieeexplore.ieee.org
Business Impact Analysis (BIA) assesses the effects of cyberattacks on critical business
processes and IT assets. Traditional BIAs are manual, relying on consultants to interview …

PVD: Passive vulnerability detection

M Gawron, F Cheng, C Meinel - 2017 8th International …, 2017 - ieeexplore.ieee.org
The identification of vulnerabilities relies on detailed information about the target
infrastructure. The gathering of the necessary information is a crucial step that requires an …

Parallel and distributed normalization of security events for instant attack analysis

D Jaeger, A Sapegin, M Ussath… - 2015 IEEE 34th …, 2015 - ieeexplore.ieee.org
When looking at media reports nowadays, major security breaches of big companies and
governments seem to be a normal situation. An important step for the investigation or even …

Mobile agent-based SIEM for event collection and normalization externalization

N Moukafih, G Orhanou, S Elhajji - Information & Computer Security, 2020 - emerald.com
Purpose: This paper aims to propose a mobile agent-based security information and event
management architecture (MA-SIEM) that uses mobile agents for near real-time event …

Accelerating event processing for security analytics on a distributed in-memory platform

D Jaeger, F Cheng, C Meinel - 2018 IEEE 16th Intl Conf on …, 2018 - ieeexplore.ieee.org
The analysis of security-related event logs is an important step for the investigation of cyber-
attacks. It allows tracing malicious activities and lets a security operator find out what has …

Targeted attack detection by means of free and open source solutions

LF Bernardo - Targeted Attack Detection by Means of Free and …, 2018 - researchgate.net
Compliance requirements are part of everyday business requirements for various areas,
such as retail and medical services. As part of compliance it may be required to have …

Information Extraction Using Named Entity Recognition from Log Messages

P Pokharel - PhD thesis, 2018 - researchgate.net
Extracting correct and useful information from log messages is useful for real-time analysis
and detecting faults, anomalies and security threats. The semantics of the extracted …