On the Sequential Pattern and Rule Mining in the Analysis of Cyber Security Alerts

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F17%3A00094473" target="_blank" >RIV/00216224:14610/17:00094473 - isvavai.cz</a>

Výsledek na webu

<a href="https://dl.acm.org/citation.cfm?doid=3098954.3098981" target="_blank" >https://dl.acm.org/citation.cfm?doid=3098954.3098981</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1145/3098954.3098981" target="_blank" >10.1145/3098954.3098981</a>

Jazyk výsledku

angličtina

Název v původním jazyce

On the Sequential Pattern and Rule Mining in the Analysis of Cyber Security Alerts

Popis výsledku v původním jazyce

Data mining is well-known for its ability to extract concealed and indistinct patterns in the data, which is a common task in the field of cyber security. However, data mining is not always used to its full potential among cyber security community. In this paper, we discuss usability of sequential pattern and rule mining, a subset of data mining methods, in an analysis of cyber security alerts. First, we survey the use case of data mining, namely alert correlation and attack prediction. Subsequently, we evaluate sequential pattern and rule mining methods to find the one that is both fast and provides valuable results while dealing with the peculiarities of security alerts. An experiment was performed using the dataset of real alerts from an alert sharing platform. Finally, we present lessons learned from the experiment and a comparison of the selected methods based on their performance and soundness of the results.

Název v anglickém jazyce

On the Sequential Pattern and Rule Mining in the Analysis of Cyber Security Alerts

Popis výsledku anglicky

Data mining is well-known for its ability to extract concealed and indistinct patterns in the data, which is a common task in the field of cyber security. However, data mining is not always used to its full potential among cyber security community. In this paper, we discuss usability of sequential pattern and rule mining, a subset of data mining methods, in an analysis of cyber security alerts. First, we survey the use case of data mining, namely alert correlation and attack prediction. Subsequently, we evaluate sequential pattern and rule mining methods to find the one that is both fast and provides valuable results while dealing with the peculiarities of security alerts. An experiment was performed using the dataset of real alerts from an alert sharing platform. Finally, we present lessons learned from the experiment and a comparison of the selected methods based on their performance and soundness of the results.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/VI20162019029" target="_blank" >VI20162019029: Sdílení a analýza bezpečnostních událostí v ČR</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2017

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the 12th International Conference on Availability, Reliability and Security

ISBN

9781450352574

ISSN

—

e-ISSN

—

Počet stran výsledku

10

Strana od-do

„22:1“-„22:10“

Název nakladatele

ACM

Místo vydání

Reggio Calabria

Místo konání akce

Reggio Calabria

Datum konání akce

29. 8. 2017

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000426964900022