Combating advanced persistent threats: From network event correlation to incident detection

Computers and Security

Volumn 48, Issue , 2015, Pages 35-57

  Friedberg, Ivo ^a   Skopik, Florian ^a   Settanni, Giuseppe ^a   Fiedler, Roman ^a  

^a AIT AUSTRIAN INSTITUTE OF TECHNOLOGY   (Austria)

Author keywords

Advanced persistent threat; Anomaly detection; Event correlation; Intrusion detection; Log file analysis; Self learning system model

Indexed keywords

ADVANCED PERSISTENT THREAT; ANOMALY DETECTION; EVENT CORRELATION; LOG-FILE ANALYSIS; SELF LEARNING SYSTEM;

INTRUSION DETECTION;

EID: 84908266997     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2014.09.006     Document Type: Article

References (35)

1. D. Alperovitch Revealed: operation shady RAT 2011 McAfee
2. S. Axelsson Intrusion detection systems: A survey and taxonomy Technical Report 2000 Chalmers University of Technology
3. R. Barber Hackers profiled who are they and what are their motivations? Comput Fraud Secur 2001 2 2001 14 17
4. V. Bartoš, and M. Žádník Network anomaly detection: comparison and real-time issues Dependable networks and services 2012 Springer 118 121
5. R. Brewer Advanced persistent threats: minimising the damage Netw Secur 2014 4 2014 5 9
6. T. Caldwell Spear-phishing: how to spot and mitigate the menace Comput Fraud Secur 2013 1 2013 11 16
7. V. Chandola, A. Banerjee, and V. Kumar Anomaly detection: a survey ACM Comput Surv (CSUR) 41 3 2009 15
8. D.E. Denning An intrusion-detection model Softw Eng IEEE Trans 2 1987 222 232
9. P. Garca-Teodoro, J. Daz-Verdejo, G. Maci-Fernndez, and E. Vzquez Anomaly-based network intrusion detection: techniques, systems and challenges Comput Secur 28 12 2009 18 28
10. B. Ives, K.R. Walsh, and H. Schneider The domino effect of password reuse Commun ACM 47 4 2004 75 78
11. G. Kim, S. Lee, and S. Kim A novel hybrid intrusion detection method integrating anomaly detection with misuse detection Expert Syst Appl 41 4, Part 2 2014 1690-1700
12. M. Kjaerland A taxonomy and comparison of computer security incidents from the commercial and government sectors Comput Secur 25 7 2006 522 538
13. E. Kraemer-Mbula, P. Tang, and H. Rush The cybercrime ecosystem: online innovation in the shadows? Technol Forecast Soc Change 80 3 2013 541 555 Future-Oriented Technology Analysis
14. W. Lee, S.J. Stolfo, and K.W. Mok A data mining framework for building intrusion detection models Security and Privacy, 1999. Proceedings of the 1999 IEEE Symposium on 1999 IEEE 120 132
15. G. Li, N. Japkowicz, and L. Yang Anomaly detection via coupled gaussian kernels Advances in Artificial Intelligence 2012 Springer 343 349
16. McAfee Labs and McAfee Foundstone Professional Services Protecting your critical assets 2010 McAfee
17. R. Mitchell, and I.R. Chen A survey of intrusion detection techniques for cyber-physical systems ACM Comput Surv 46 4 2014 55:1-55:29
18. M. O'Neill The internet of things: do more devices mean more risks? Comput Fraud Secur 2014 1 2014 16 17
19. A. Patcha, and J.M. Park An overview of anomaly detection techniques: existing solutions and latest technological trends Comput Netw 51 12 2007 3448 3470
20. F. Sabahi, and A. Movaghar Intrusion detection: a survey Systems and Networks Communications, 2008. ICSNC'08. 3rd International Conference on 2008 IEEE 23 26
21. F. Skopik, and R. Fiedler Intrusion detection in distributed systems using finger-printing and massive event correlation 43 Jahrestagung der Gesellschaft fr Informatik eV (GI) (INFORMATIK 2013) 2013
22. F. Skopik, I. Friedberg, and R. Fiedler Dealing with advanced persistent threats in smart grid ict networks 5th IEEE Innovative Smart Grid Technologies Conference 2014 IEEE
23. F. Skopik, G. Settanni, R. Fiedler, and I. Friedberg Semi-synthetic data set generation for security software evaluation 12th Annual Conference on Privacy, Security and Trust 2014 IEEE
24. R. Sommer, and V. Paxson Outside the closed world: on using machine learning for network intrusion detection Security and Privacy (SP), 2010 IEEE Symposium on 2010 305 316 10.1109/SP.2010.25
25. A.K. Sood, and R.J. Enbody Crimeware-as-a-servicea survey of commoditized crimeware in the underground market Int J Crit Infrastructure Prot 6 1 2013 28 38
26. J. Steer The gaping hole in our security defences Comput Fraud Secur 2014 1 2014 17 20
27. C. Tankard Advanced persistent threats and how to monitor and deter them Netw Secur 2011 8 2011 16 19
28. G. Thomson Apts: a poorly understood challenge Netw Secur 2011 11 2011 9 11
29. M. Thottan, and C. Ji Anomaly detection in ip networks Signal Process IEEE Trans 51 8 2003 2191 2204
30. R. von Solms, and J. van Niekerk From information security to cyber security Comput Secur 38 0 2013 97 102 Cybercrime in the Digital Economy
31. J. Yin, G. Zhang, Y.Q. Chen, and X.L. Fan Multi-events analysis for anomaly intrusion detection Machine Learning and Cybernetics, 2004. Proceedings of 2004 International Conference on volume 2 2004 IEEE 1298 1303
32. Y. Yu A survey of anomaly intrusion detection techniques J Comput Sci Coll 28 1 2012 9 17
33. W. Zhang, Q. Yang, and Y. Geng A survey of anomaly detection methods in networks Computer Network and Multimedia Technology, 2009. CNMT 2009. International Symposium on 2009 IEEE 1 3
34. Y.l. Zhang, Z.g. Han, and J.x Ren A network anomaly detection method based on relative entropy theory Electronic Commerce and Security, 2009. ISECS'09. Second International Symposium on vol. 1 2009 IEEE 231 235
35. Y. Zhao, Z. Zheng, and H. Wen Bayesian statistical inference in machine learning anomaly detection Communications and Intelligence Information Security (ICCIIS), 2010 International Conference on 2010 IEEE 113 116