Towards Event Aggregation for Reducing the Volume of Logged Events During IKC Stages of APT Attacks
Authors: Ahmadian Ramaki, Ali; Ghaemi-Bafghi, Abbas; Rasoolzadegan, Abbas
File size: 3.074 MB
File type (MIME): PDF
Nowadays, targeted attacks such as Advanced Persistent Threats (APTs) have become one of the major concerns of many enterprise networks. As a common approach to countering these attacks, security staff deploy a variety of heterogeneous security and non-security sensors at different lines of defense (network, host, and application) to track the attacker's behavior throughout the kill chain. However, one drawback of this approach is the huge number of events raised by the heterogeneous sensors, which makes the logged events difficult to analyze in later processing, i.e., event correlation for timely detection of APT attacks. Existing works focus only on the degree to which the event volume is reduced, while the amount of security information lost during the event aggregation process is also very important. In this paper, we propose a three-phase event aggregation method that reduces the volume of heterogeneous events during APT attacks with the lowest rate of loss of security information. To this end, the low-level events of the sensors are first clustered into groups of similar events; then, after noisy event clusters are filtered out, the remaining clusters are summarized by an Attribute-Oriented Induction (AOI) method in a controllable manner to reduce unimportant or duplicated events. The method has been evaluated on three publicly available datasets: SotM34, Bryant, and LANL. The experimental results show that the method is efficient enough in event aggregation and can reduce event volume by up to 99.7% with an acceptable information loss ratio (ILR).
Keywords: Advanced Persistent Threat; Heterogeneous Event Logs; Intrusion Kill Chain; Security Event Management
Publisher: Iranian Society of Cryptology
Author affiliations: Data and Communication Security Laboratory, Ferdowsi University of Mashhad, Mashhad, Iran; Data and Communication Security Laboratory, Ferdowsi University of Mashhad, Mashhad, Iran; Software Quality Laboratory, Ferdowsi University of Mashhad, Mashhad, Iran
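The abstract describes summarizing event clusters with Attribute-Oriented Induction under a controllable threshold. The following added example (not the paper's code) illustrates only that AOI summarization step on a constructed handful of firewall and IDS events: each attribute is climbed one level up an assumed concept hierarchy (host IP to /24 subnet to ANY; port to service class to ANY) until its number of distinct values fits the attribute threshold, identical generalized tuples are merged with a count, and a volume reduction ratio plus a simplified information-loss proxy (fraction of attribute cells that were generalized) are reported. The clustering and noise-filtering phases, the hierarchies, and the loss proxy are assumptions for illustration.

```python
from collections import Counter
from ipaddress import ip_network

# Constructed sample of low-level events from two sensors (not real data).
EVENTS = [
    {"sensor": "fw",  "src": "10.0.1.5",  "dport": 445, "action": "deny"},
    {"sensor": "fw",  "src": "10.0.1.9",  "dport": 445, "action": "deny"},
    {"sensor": "fw",  "src": "10.0.1.12", "dport": 139, "action": "deny"},
    {"sensor": "fw",  "src": "10.0.2.7",  "dport": 22,  "action": "allow"},
    {"sensor": "ids", "src": "10.0.1.5",  "dport": 445, "action": "alert"},
    {"sensor": "ids", "src": "10.0.1.9",  "dport": 445, "action": "alert"},
]

def gen_ip(v):
    """One step up an assumed hierarchy: host -> /24 subnet -> ANY."""
    if v == "ANY":
        return v
    if "/" in v:
        return "ANY"
    return str(ip_network(v + "/24", strict=False))

def gen_port(v):
    """One step up an assumed hierarchy: port -> service class -> ANY."""
    if v == "ANY":
        return v
    if isinstance(v, int):
        return "smb" if v in (139, 445) else "remote-admin" if v in (22, 3389) else "other"
    return "ANY"

HIERARCHY = {"src": gen_ip, "dport": gen_port}  # attributes with a hierarchy

def aoi_aggregate(events, threshold=2):
    """Generalize until each attribute has <= threshold distinct values, then merge."""
    if not events:
        return [], 0.0, 0.0
    rows = [dict(e) for e in events]
    generalized_cells = 0
    for attr, climb in HIERARCHY.items():
        while len({r[attr] for r in rows}) > threshold:
            for r in rows:
                r[attr] = climb(r[attr])
            generalized_cells += len(rows)
    counts = Counter(tuple(sorted(r.items())) for r in rows)
    summary = [dict(k, count=c) for k, c in counts.items()]
    reduction = 1 - len(summary) / len(events)
    ilr = generalized_cells / (len(events) * len(rows[0]))  # simplified loss proxy
    return summary, reduction, ilr
```

A lower threshold generalizes more aggressively, raising both the reduction ratio and the loss proxy; that trade-off is the point the abstract makes about reducing volume without discarding security information.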