Detection of Previously Unknown Advanced Persistent Threats Through Visual Analytics with the MASFAD Framework

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

With the rapid evolution of the Internet and the prevalence of sophisticated adversarial cyber threats, it has become apparent that an equally rapid development of new Situation Awareness techniques is needed. The vast amount of data produced every day by Intrusion Detection Systems, Firewalls, Honeypots and other systems can quickly become insurmountable for domain experts to analyze. To enhance human-machine interaction, new Visual Analytics systems need to be implemented and tested, bridging the gap between detecting possible malicious activity, identifying it, and taking the necessary measures to stop its propagation. The detection of previously unknown, highly sophisticated Advanced Persistent Threats (APT) adds a higher degree of complexity to this task. In this paper, we discuss the principles inherent to Visual Analytics and propose a new technique for the detection of APT attacks through the use of anomaly- and behavior-based analysis. Our ultimate goal is to define sophisticated cyber threats by their defining characteristics and to combine those characteristics into a pattern of behavior, which can be presented in visual form to be explored and analyzed. This can be achieved through the use of our Multi-Agent System for Advanced Persistent Threat Detection (MASFAD) framework combined with highly detailed and dynamic visualization techniques. This paper was originally presented at the NATO Science and Technology Organization Symposium (ICMCIS) organized by the Information Systems Technology (IST) Panel, IST-200 RSY - the ICMCIS, held in Skopje, North Macedonia, 16-17 May 2023.

Original language: English
Title of host publication: International Conference on Military Communications and Information Systems, ICMCIS 2023
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9798350343854
DOIs: (not listed on this page)
Publication status: Published - 2023
Event: 2023 International Conference on Military Communications and Information Systems, ICMCIS 2023 - Skopje, Macedonia, The Former Yugoslav Republic of
Duration: 16 May 2023 to 17 May 2023

Publication series

Name: International Conference on Military Communications and Information Systems, ICMCIS 2023

Conference

Conference: 2023 International Conference on Military Communications and Information Systems, ICMCIS 2023
Country/Territory: Macedonia, The Former Yugoslav Republic of
City: Skopje
Period: 16/05/23 to 17/05/23

Keywords

  • advanced persistent threat
  • cyber situation awareness
  • detection through visualization
  • visual analytics
