Graph-based attack chain discovery in enterprise security systems

Authors: Zhengzhang Chen, Guofei Jiang, Bo Zong, Hengtong Zhang, Zhichun Li

DOI:

Keywords:

Abstract: Methods and systems for detecting anomalous events in monitored system data. An event correlation graph is generated from the data, characterizing the tendency of processes to access targets. Kill chains that connect malicious events over a span of time are generated from the graph to characterize an attack path, by sorting events according to their maliciousness value and determining at least one sub-graph within the graph with an above-threshold rank. A security management action is performed based on the kill chains.
