Detection of Previously Unknown Advanced Persistent Threats Through Visual Analytics with the MASFAD Framework

Publication: Contribution to book/report/conference proceedings › Conference contribution › Peer-reviewed

Abstract

With the rapid evolution of the Internet and the prevalence of sophisticated adversarial cyber threats, it has become apparent that an equally rapid development of new Situation Awareness techniques is needed. The vast amount of data produced every day by Intrusion Detection Systems, Firewalls, Honeypots and other systems can quickly become insurmountable for domain experts to analyze. To enhance the human-machine interaction, new Visual Analytics systems need to be implemented and tested, bridging the gap between the detection of possible malicious activity, identifying it and taking the necessary measures to stop its propagation. The detection of previously unknown, highly sophisticated Advanced Persistent Threats (APT) adds a higher degree of complexity to this task. In this paper, we discuss the principles inherent to Visual Analytics and propose a new technique for the detection of APT attacks through the use of anomaly and behavior-based analysis. Our ultimate goal is to define sophisticated cyber threats by their defining characteristics and combine those to construct a pattern of behavior, which can be presented in visual form to be explored and analyzed. This can be achieved through the use of our Multi-Agent System for Advanced Persistent Threat Detection (MASFAD) framework and the combination of highly detailed and dynamic visualization techniques. This paper was originally presented at the NATO Science and Technology Organization Symposium (ICMCIS) organized by the Information Systems Technology (IST) Panel, IST-200 RSY - the ICMCIS, held in Skopje, North Macedonia, 16-17 May 2023.

Original language: English
Title: International Conference on Military Communications and Information Systems, ICMCIS 2023
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (electronic): 9798350343854
Publication status: Published - 2023
Event: 2023 International Conference on Military Communications and Information Systems, ICMCIS 2023 - Skopje, Macedonia, the former Yugoslav Republic of
Duration: 16 May 2023 to 17 May 2023

Publication series

Name: International Conference on Military Communications and Information Systems, ICMCIS 2023

Conference

Conference: 2023 International Conference on Military Communications and Information Systems, ICMCIS 2023
Country/Territory: Macedonia, the former Yugoslav Republic of
City: Skopje
Period: 16/05/23 to 17/05/23
