Cyber risk and cybersecurity: a systematic review of data availability

F Cremer, B Sheehan, M Fortmann, AN Kia… - The Geneva papers …, 2022 - ncbi.nlm.nih.gov
Cybercrime is estimated to have cost the global economy just under USD 1 trillion in 2020,
indicating an increase of more than 50% since 2018. With the average cyber insurance …

Systematic literature review of security event correlation methods

I Kotenko, D Gaifulina, I Zelichenok - IEEE Access, 2022 - ieeexplore.ieee.org
Security event correlation approaches are necessary to detect and predict incremental
threats such as multi-step or targeted attacks (advanced persistent threats) and other causal …

A survey on artificial intelligence techniques for security event correlation: models, challenges, and opportunities

D Levshun, I Kotenko - Artificial Intelligence Review, 2023 - Springer
Abstract Information systems need to process a large amount of event monitoring data. The
process of finding the relationships between events is called correlation, which creates a …

Attack scenario reconstruction via fusing heterogeneous threat intelligence

X Zang, J Gong, X Zhang, G Li - Computers & Security, 2023 - Elsevier
Nowadays, new-generation threats often use multiple means or perform several steps to
intrude into networks and ultimately reach their objective. These new threats have multi …

Systematic review and quantitative comparison of cyberattack scenario detection and projection

I Kovačević, S Groš, K Slovenec - Electronics, 2020 - mdpi.com
Intrusion Detection Systems (IDSs) automatically analyze event logs and network traffic in
order to detect malicious activity and policy violations. Because IDSs have a large number of …

Systematic review analysis on SQLIA detection and prevention approaches

MS Aliero, KN Qureshi, MF Pasha, I Ghani… - Wireless Personal …, 2020 - Springer
SQL injection attack (SQLIA) is one of the most severe attacks that can be used against web
database driving applications. Attackers use SQLIA to get unauthorized access and perform …

Attack scenario reconstruction approach using attack graph and alert data mining

H Hu, J Liu, Y Zhang, Y Liu, X Xu, J Tan - Journal of Information Security …, 2020 - Elsevier
Existing alert correlation methods do not consider the unsuccessful paths and true negative
alerts of IDS, which affects the completeness and visualization of attack restoring. To …

Multi-stage attack detection via kill chain state machines

F Wilkens, F Ortmann, S Haas, M Vallentin… - Proceedings of the 3rd …, 2021 - dl.acm.org
Today, human security analysts need to sift through large volumes of alerts they have to
triage during investigations. This alert fatigue results in failure to detect complex attacks …

An effective attack scenario construction model based on identification of attack steps and stages

TA Alhaj, MM Siraj, A Zainal, I Idris, A Nazir… - International Journal of …, 2023 - Springer
Abstract A Network Intrusion Detection System is a network security technology for detecting
intruder attacks. However, it produces a great amount of low-level alerts which makes the …

GRAIN: Graph neural network and reinforcement learning aided causality discovery for multi-step attack scenario reconstruction

F Xiao, S Chen, J Yang, H He, X Jiang, X Tan, D Jin - Computers & Security, 2025 - Elsevier
Correlating individual alerts to reconstruct attack scenarios has become a critical issue in
identifying multi-step attack paths. Most of existing reconstruction approaches depend on …