POSTER: Security Logs Graph Analytics for Industry Network System

Qiaoran Meng, Nay Oo, Hoontae Lim, B. Sikdar
DOI: 10.1145/3579856.3592830 (https://doi.org/10.1145/3579856.3592830)
Published in: Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security
Publication date: 2023-07-10
Citations: 0

Abstract

As Information Technology (IT) infrastructures have become increasingly complex to secure against accelerating cyber threats, current threat detection approaches have been largely siloed in nature; security analysts in such environments are typically bombarded with large volumes of security alerts that often cause severe fatigue and raise the possibility of judgement errors. This problem is further exacerbated by the number of false positives that analysts may waste valuable time and resources pursuing. In this paper, we present how intuitive graph-based machine learning can be used to address the problem of alert fatigue and prioritize risky alerts to assist security analysts. The rationale and workflow of the proposed Graph Analysis (GA) algorithm are discussed in detail, with its effectiveness demonstrated by simulated experiments.