2 research outputs found

    Cyber indicators of compromise: a domain ontology for security information and event management

    It has been said that cyber attackers are attacking at wire speed (very fast), while cyber defenders are defending at human speed (very slow). Researchers have been working to improve this asymmetry by automating a greater portion of what has traditionally been very labor-intensive work. This work is involved in both the monitoring of live system events (to detect attacks), and the review of historical system events (to investigate attacks). One technology that is helping to automate this work is Security Information and Event Management (SIEM). In short, SIEM technology works by aggregating log information, and then sifting through this information looking for event correlations that are highly indicative of attack activity. For example: Administrator successful local logon and (concurrently) Administrator successful remote logon. Such correlations are sometimes referred to as indicators of compromise (IOCs). Though IOCs for network-based data (i.e., packet headers and payload) are fairly mature (e.g., Snort's large rule-base), the field of end-device IOCs is still evolving and lacks any well-defined go-to standard accepted by all. This report addresses ontological issues pertaining to end-device IOCs development, including what they are, how they are defined, and what dominant early standards already exist.
    http://archive.org/details/cyberindicatorso1094553041
    Lieutenant, United States Navy
    Approved for public release; distribution is unlimited

    The XXL Survey. IV. Mass-temperature relation of the bright cluster sample

    Part of the first data release of the XXL Survey. Associated data is accessible via CDS and via the XXL Database hosted at IASF-MI. Context: The XXL Survey is the largest survey carried out by XMM-Newton. Covering an area of 50 deg$^2$, the survey contains ~450 galaxy clusters out to a redshift ~2 and to an X-ray flux limit of ~ $5 \times 10^{-15}$ erg s$^{-1}$ cm$^{-2}$. This paper is part of the first release of XXL results focussed on the bright cluster sample. Aims: We investigate the scaling relation between weak-lensing mass and X-ray temperature for the brightest clusters in XXL. The scaling relation discussed in this article is used to estimate the mass of all 100 clusters in XXL-100-GC. Methods: Based on a subsample of 38 objects that lie within the intersection of the northern XXL field and the publicly available CFHTLenS shear catalog, we derive the weak-lensing mass of each system with careful considerations of the systematics. The clusters lie at 0.1 Results: The mass-temperature relation fit ($M \propto T^b$) to the XXL clusters returns a slope and intrinsic scatter $\sigma_{\ln M|T} \simeq 0.53$; the scatter is dominated by disturbed clusters. The fit to the combined sample of 96 clusters is in tension with self-similarity, $b = 1.67 \pm 0.12$ and $\sigma_{\ln M|T} \simeq 0.41$. Conclusions: Overall our results demonstrate the feasibility of ground-based weak-lensing scaling relation studies down to cool systems of ~1 keV temperature and highlight that the current data and samples are a limit to our statistical precision. As such we are unable to determine whether the validity of hydrostatic equilibrium is a function of halo mass. An enlarged sample of cool systems, deeper weak-lensing data, and robust modelling of the selection function will help to explore these issues further. Based on observations obtained with XMM-Newton, an ESA science mission with instruments and contributions directly funded by ESA Member States and NASA.
    Based on observations made with ESO Telescopes at the La Silla Paranal Observatory under programme 089.A-0666 and LP191.A-0268. The Master catalogue is available at the CDS via anonymous ftp to http://cdsarc.u-strasbg.fr (http://130.79.128.5) or via http://cdsarc.u-strasbg.fr/viz-bin/qcat?J/A+A/592/A