Causal Connections Mining Within Security Event Logs

Cited by: 1
Authors
Khan, Saad [1 ]
Parkinson, Simon [1 ]
Affiliation
[1] Univ Huddersfield, Huddersfield, W Yorkshire, England
Keywords
Knowledge extraction; Automated; Association; Causal;
DOI
10.1145/3148011.3154476
CLC number
TP18 [Artificial intelligence theory];
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Performing both security vulnerability assessment and configuration processes is heavily reliant on expert knowledge. This requirement often results in many systems being left insecure due to a lack of analysis expertise and access to specialist resources. It has long been known that a system's event log provides historical information depicting potential security threats, as well as recording configuration activities. In this paper, a novel technique is developed that can process security event logs on a computer that has been assessed and configured by a security professional, and autonomously establish causality amongst event log entries to learn the configuration tasks that were performed. This extracted knowledge can then be exploited by non-professionals to plan steps that can improve the security of a previously unseen system.
Pages: 4
Related papers
50 items in total
  • [1] Process Mining Meets Causal Machine Learning: Discovering Causal Rules from Event Logs
    Bozorgi, Zahra Dasht
    Teinemaa, Irene
    Dumas, Marlon
    La Rosa, Marcello
    Polyvyanyy, Artem
    [J]. 2020 2ND INTERNATIONAL CONFERENCE ON PROCESS MINING (ICPM 2020), 2020, : 129 - 136
  • [2] Mining event logs with SLCT and LogHound
    Vaarandi, Risto
    [J]. 2008 IEEE NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM, VOLS 1 AND 2, 2008, : 1071 - 1074
  • [3] Mining invisible tasks from event logs
    Wen, Lijie
    Wang, Jianmin
    Sun, Jiaguang
    [J]. ADVANCES IN DATA AND WEB MANAGEMENT, PROCEEDINGS, 2007, 4505 : 358 - +
  • [4] Optimal process mining of timed event logs
    De Oliveira, Hugo
    Augusto, Vincent
    Jouaneton, Baptiste
    Lamarsalle, Ludovic
    Prodel, Martin
    Xie, Xiaolan
    [J]. INFORMATION SCIENCES, 2020, 528 : 58 - 78
  • [5] Mining Process Performance from Event Logs
    Adriansyah, Arya
    Buijs, Joos C. A. M.
    [J]. BUSINESS PROCESS MANAGEMENT WORKSHOPS (BPM), 2013, 132 : 217 - 218
  • [6] WEAKLY COMPLETE EVENT LOGS IN PROCESS MINING
    Lekic, Julijana
    Milicev, Dragan
    [J]. COMPUTING AND INFORMATICS, 2021, 40 (02) : 341 - 367
  • [7] Monitoring Event Logs within a Cluster System
    Sosnowski, Janusz
    Kubacki, Marcin
    Krawczyk, Henryk
    [J]. COMPLEX SYSTEMS AND DEPENDABILITY, 2012, 170 : 257 - 271
  • [8] Differentially private release of event logs for process mining
    Elkoumy, Gamal
    Pankova, Alisa
    Dumas, Marlon
    [J]. INFORMATION SYSTEMS, 2023, 115
  • [9] Configurable Process Mining: Semantic Variability in Event Logs
    Khannat, Aicha
    Sbai, Hanae
    Kjiri, Laila
    [J]. PROCEEDINGS OF THE 23RD INTERNATIONAL CONFERENCE ON ENTERPRISE INFORMATION SYSTEMS (ICEIS 2021), VOL 1, 2021, : 768 - 775
  • [10] Mining workflow recovery from event based logs
    Gaaloul, W
    Godart, C
    [J]. BUSINESS PROCESS MANAGEMENT, PROCEEDINGS, 2005, 3649 : 169 - 185