HuMa: A Multi-layer Framework for Threat Analysis in a Heterogeneous Log Environment

Cited by: 12
Authors
Navarro, Julio [1,2]
Legrand, Veronique [4,5]
Lagraa, Sofiane [6]
Francois, Jerome [6]
Lahmadi, Abdelkader [6]
De Santis, Giulia [6]
Festor, Olivier [6]
Lammari, Nadira [4]
Hamdi, Faycal [4]
Deruyver, Aline [1]
Goux, Quentin [5]
Allard, Morgan [5]
Parrend, Pierre [1,2,3]
Affiliations
[1] Univ Strasbourg, ICube, Strasbourg, France
[2] UNESCO Unitwin, Complex Syst Digital Campus, Paris, France
[3] ECAM Strasbourg Europe, Schiltigheim, France
[4] CNAM, CEDRIC, Paris, France
[5] Intrinsec Secur, Nanterre, France
[6] Inria Nancy Grand Est, LORIA, Villers Les Nancy, France
Keywords
Security knowledge; Cognitive computing; Cybersecurity; Log analysis; ATTACK
DOI
10.1007/978-3-319-75650-9_10
Chinese Library Classification
TP301 [Theory, Methods]
Discipline Classification
081202
Abstract
The advent of massive and highly heterogeneous information systems poses major challenges to professionals responsible for IT security. The huge amount of monitoring data currently being generated means that no human being or group of human beings can cope with their analysis. Furthermore, fully automated tools still lack the ability to track the associated events in a fine-grained and reliable way. Here, we propose the HuMa framework for detailed and reliable analysis of large amounts of data for security purposes. HuMa uses a multi-analysis approach to study complex security events in a large set of logs. It is organized around three layers: the event layer, the context and attack pattern layer, and the assessment layer. We describe the framework components and the set of complementary algorithms for security assessment. We also provide an evaluation of the contribution of the context and attack pattern layer to security investigation.
Pages: 144 / 159
Page count: 16