All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”

On the Sequential Pattern and Rule Mining in the Analysis of Cyber Security Alerts

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F17%3A00094473" target="_blank" >RIV/00216224:14610/17:00094473 - isvavai.cz</a>

  • Result on the web

    <a href="https://dl.acm.org/citation.cfm?doid=3098954.3098981" target="_blank" >https://dl.acm.org/citation.cfm?doid=3098954.3098981</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1145/3098954.3098981" target="_blank" >10.1145/3098954.3098981</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    On the Sequential Pattern and Rule Mining in the Analysis of Cyber Security Alerts

  • Original language description

    Data mining is well-known for its ability to extract concealed and indistinct patterns in the data, which is a common task in the field of cyber security. However, data mining is not always used to its full potential among cyber security community. In this paper, we discuss usability of sequential pattern and rule mining, a subset of data mining methods, in an analysis of cyber security alerts. First, we survey the use case of data mining, namely alert correlation and attack prediction. Subsequently, we evaluate sequential pattern and rule mining methods to find the one that is both fast and provides valuable results while dealing with the peculiarities of security alerts. An experiment was performed using the dataset of real alerts from an alert sharing platform. Finally, we present lessons learned from the experiment and a comparison of the selected methods based on their performance and soundness of the results.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

    <a href="/en/project/VI20162019029" target="_blank" >VI20162019029: Sharing and analysis of security events in Czech Republic</a><br>

  • Continuities

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Others

  • Publication year

    2017

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Article name in the collection

    Proceedings of the 12th International Conference on Availability, Reliability and Security

  • ISBN

    9781450352574

  • ISSN

  • e-ISSN

  • Number of pages

    10

  • Pages from-to

    „22:1“-„22:10“

  • Publisher name

    ACM

  • Place of publication

    Reggio Calabria

  • Event location

    Reggio Calabria

  • Event date

    Aug 29, 2017

  • Type of event by nationality

    WRD - Celosvětová akce

  • UT code for WoS article

    000426964900022