PeerJ Computer Science (Oct 2015)

Mining known attack patterns from security-related events

  • Nicandro Scarabeo,
  • Benjamin C.M. Fung,
  • Rashid H. Khokhar

DOI
https://doi.org/10.7717/peerj-cs.25
Journal volume & issue
Vol. 1
p. e25

Abstract

Managed Security Services (MSS) have become an essential asset for companies seeking to protect their infrastructure from hacking attempts such as unauthorized behaviour, denial of service (DoS), malware propagation, and anomalies. A proliferation of attacks has driven the need to install more network probes and collect more security-related events in order to assure the best coverage, which is necessary for generating incident responses. The increase in the volume of data to analyse has created a demand for specific tools that automatically correlate events and group them into pre-defined attack scenarios. Motivated by Above Security, a specialized company in the sector, and by National Research Council Canada (NRC), we propose a new data mining system that employs text mining techniques to dynamically relate security-related events in order to reduce analysis time, increase the quality of the reports, and automatically build correlated scenarios.

Keywords