ChainSpot: Mining service logs for cyber security threat detection

Jain Shing Wu, Yuh-Jye Lee, Te En Wei, Chih Hung Hsieh*, Chia Min Lai

*Corresponding author of this work

Research output: Conference contribution, peer-reviewed

2 citations (Scopus)

Abstract

Given service logs of who used what service, and when, how can we find intrusions and anomalies? In this paper, a cyber threat detection framework, ChainSpot, is proposed. Its novelty is to build graphical patterns by summarizing each user's sequential behavior in using application-layer services, and to discover deviations from that user's normal patterns. Besides modeling, the trade-off between feature explicitness and computational complexity is addressed as well. The effectiveness and performance of the proposed method are evaluated on a dataset collected in a real-world environment. Experiments show that ChainSpot provides strong support for identifying abnormal behaviors, which is the starting point of threat detection. The detection results are highly correlated with expert-labeled ground truth, so ChainSpot is shown to save forensics effort significantly. Moreover, case investigations demonstrate that the differences between benign and suspicious patterns can be further interpreted to reconstruct attack scenarios. The analytic findings may then be treated as indicators of compromise for threat detection and as in-depth clues for digital forensics.
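The abstract only sketches the idea (summarize each user's sequence of service requests as a graph, then flag days that deviate from that user's own baseline). The following is an added illustration of that idea, not the authors' ChainSpot implementation: the "timestamp,user,service" log format, the calendar day as chain boundary, the per-user baseline built from assumed known-good days, the scoring rule (weighted fraction of a day's service-to-service transitions never seen in the baseline) and the sample records are all assumptions made for the example.

```python
"""Added example (not the authors' ChainSpot code): model each user's daily
sequence of service requests as a transition graph, build a per-user baseline
from known-good days, and score later days by how much of their transition
structure is absent from that baseline.  Log format, the per-day chain
boundary, the scoring rule and the sample records are all assumptions."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log, one "timestamp,user,service" record per line.
# alice's first two days look alike; on the third she chains services she
# never used together before.  bob uses the fileserver daily, so for him
# that transition is normal: baselines are per user, not global.
SAMPLE_LOG = """\
2016-08-23T08:01:00,alice,vpn
2016-08-23T08:02:10,alice,mail
2016-08-23T08:20:00,alice,wiki
2016-08-23T08:45:00,alice,mail
2016-08-23T17:30:00,alice,vpn
2016-08-23T09:00:00,bob,vpn
2016-08-23T09:05:00,bob,fileserver
2016-08-23T11:00:00,bob,fileserver
2016-08-23T18:00:00,bob,vpn
2016-08-24T08:05:00,alice,vpn
2016-08-24T08:06:00,alice,mail
2016-08-24T09:10:00,alice,wiki
2016-08-24T12:00:00,alice,mail
2016-08-24T18:00:00,alice,vpn
2016-08-24T09:10:00,bob,vpn
2016-08-24T10:00:00,bob,fileserver
2016-08-24T17:50:00,bob,vpn
2016-08-25T02:10:00,alice,vpn
2016-08-25T02:11:00,alice,mail
2016-08-25T02:12:00,alice,ldap
2016-08-25T02:13:00,alice,fileserver
2016-08-25T02:14:00,alice,fileserver
2016-08-25T02:40:00,alice,ftp
2016-08-25T09:00:00,bob,vpn
2016-08-25T09:30:00,bob,fileserver
2016-08-25T17:00:00,bob,vpn
"""
BASELINE_DAYS = {"2016-08-23", "2016-08-24"}   # assumed known-good training days


def parse_log(text):
    """Yield (timestamp, user, service) from the assumed CSV-like format."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, user, service = line.split(",")
        yield datetime.fromisoformat(ts), user, service


def chains_by_day(events):
    """One chain per (user, ISO day): that user's services in time order.
    The calendar day is the assumed chain boundary."""
    chains = defaultdict(list)
    for ts, user, service in sorted(events):
        chains[(user, ts.date().isoformat())].append(service)
    return chains


def chain_graph(chain):
    """Directed transition graph of a chain as a Counter of (src, dst) edges."""
    return Counter(zip(chain, chain[1:]))


def deviation(baseline, chain):
    """Return (score, novel_edges): the weighted fraction of the chain's
    transitions that never appear in the baseline graph, plus those edges
    sorted, so an analyst can read the unfamiliar part of the chain."""
    graph = chain_graph(chain)
    total = sum(graph.values())
    if total == 0:                      # a single request has no transitions
        return 0.0, []
    novel = sorted(edge for edge in graph if edge not in baseline)
    return sum(graph[e] for e in novel) / total, novel


def score_log(text, baseline_days=BASELINE_DAYS):
    """Build each user's baseline graph from chains on `baseline_days` and
    score every other day's chain against that user's own baseline.
    A user with no baseline days scores 1.0 on any multi-step chain."""
    chains = chains_by_day(parse_log(text))
    baselines = defaultdict(Counter)
    for (user, day), chain in chains.items():
        if day in baseline_days:
            baselines[user].update(chain_graph(chain))
    return {key: deviation(baselines[key[0]], chain)
            for key, chain in chains.items() if key[1] not in baseline_days}


if __name__ == "__main__":
    for (user, day), (score, novel) in sorted(score_log(SAMPLE_LOG).items()):
        print(f"{user} {day}: deviation={score:.2f} novel={novel}")
```

On the sample, alice's 2016-08-25 chain shares only its opening vpn-to-mail transition with her baseline, so four of its five transitions are novel and it scores 0.8, with the novel edges (mail to ldap, ldap to fileserver, fileserver to fileserver, fileserver to ftp) listed for the analyst; bob's same-day chain scores 0.0 because every transition is in his own baseline. The returned edge list is the part an investigator would read to reconstruct what happened, which is the kind of interpretable difference the abstract describes.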

Original language: English
Title of host publication: Proceedings - 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1867-1874
Number of pages: 8
ISBN (electronic): 9781509032051
DOIs
Publication status: Published - 2016
Event: Joint 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016 - Tianjin, China
Duration: 23 Aug 2016 - 26 Aug 2016

Publication series

Name: Proceedings - 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016

Conference

Conference: Joint 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016
Country/Territory: China
City: Tianjin
Period: 23/08/16 - 26/08/16
