20,660 research outputs found
Recommended from our members
Intrusion alert prioritisation and attack detection using post-correlation analysis
Event Correlation used to be a widely used technique for interpreting alert logs and discovering network attacks. However, due to the scale and complexity of today's networks and attacks, alert logs produced by these modern networks are much larger in volume and difficult to analyse. In this research we show that adding post-correlation methods can be used alongside correlation to significantly improve the analysis of alert logs.
We proposed a new framework titled A Comprehensive System for Analysing Intrusion Alerts (ACSAnIA). The post-correlation methods include a new prioritisation metric based on anomaly detection and a novel approach to clustering events using correlation knowledge. One of the key benefits of the framework is that it significantly reduces false-positive alerts and it adds contextual information to true-positive alerts.
We evaluated the post-correlation methods of ACSAnIA using data from a 2012 cyber range experiment carried out by industrial partners of the British Telecom Security Practice Team. In one scenario, our results show that false-positives were successfully reduced by 97% and in another scenario, 16%. It also showed that clustering correlated alerts aided in attack detection.
The proposed framework is also being developed and integrated into a pre-existing Visual Analytic tool developed by the British Telecom SATURN Research Team for the analysis of cyber security data
NEMESYS: Enhanced Network Security for Seamless Service Provisioning in the Smart Mobile Ecosystem
As a consequence of the growing popularity of smart mobile devices, mobile
malware is clearly on the rise, with attackers targeting valuable user
information and exploiting vulnerabilities of the mobile ecosystems. With the
emergence of large-scale mobile botnets, smartphones can also be used to launch
attacks on mobile networks. The NEMESYS project will develop novel security
technologies for seamless service provisioning in the smart mobile ecosystem,
and improve mobile network security through better understanding of the threat
landscape. NEMESYS will gather and analyze information about the nature of
cyber-attacks targeting mobile users and the mobile network so that appropriate
counter-measures can be taken. We will develop a data collection infrastructure
that incorporates virtualized mobile honeypots and a honeyclient, to gather,
detect and provide early warning of mobile attacks and better understand the
modus operandi of cyber-criminals that target mobile devices. By correlating
the extracted information with the known patterns of attacks from wireline
networks, we will reveal and identify trends in the way that cyber-criminals
launch attacks against mobile devices.Comment: Accepted for publication in Proceedings of the 28th International
Symposium on Computer and Information Sciences (ISCIS'13); 9 pages; 1 figur
Cyber situational awareness: from geographical alerts to high-level management
This paper focuses on cyber situational awareness and describes a visual analytics solution for monitoring and putting in tight relation data from network level with the organization business. The goal of the proposed solution is to make different security profiles (network security officer, network security manager, and financial security manager) aware of the actual network state (e.g., risk and attack progress) and the impact it actually has on the business tasks, making clear the relationships that exist between the network level and the business level. The proposed solution is instantiated on the ACEA infrastructure, the Italian company that provides power and water purification services to cities in central Italy (millions of end users
- …