Detection of Previously Unknown Advanced Persistent Threats Through Visual Analytics with the MASFAD Framework

Research output: Chapter in a book, report or conference proceedings › Conference contribution › Peer-reviewed

Abstract

With the rapid evolution of the Internet and the prevalence of sophisticated adversarial cyber threats, it has become apparent that an equally rapid development of new Situation Awareness techniques is needed. The vast amount of data produced every day by Intrusion Detection Systems, Firewalls, Honeypots and other systems can quickly become insurmountable for domain experts to analyze. To enhance human-machine interaction, new Visual Analytics systems need to be implemented and tested, bridging the gap between detecting possible malicious activity, identifying it and taking the necessary measures to stop its propagation. The detection of previously unknown, highly sophisticated Advanced Persistent Threats (APT) adds a higher degree of complexity to this task. In this paper, we discuss the principles inherent to Visual Analytics and propose a new technique for the detection of APT attacks through the use of anomaly and behavior-based analysis. Our ultimate goal is to define sophisticated cyber threats by their defining characteristics and to combine those to construct a pattern of behavior, which can be presented in visual form to be explored and analyzed. This can be achieved through the use of our Multi-Agent System for Advanced Persistent Threat Detection (MASFAD) framework and the combination of highly detailed and dynamic visualization techniques. This paper was originally presented at the NATO Science and Technology Organization Symposium (ICMCIS) organized by the Information Systems Technology (IST) Panel, IST-200 RSY - the ICMCIS, held in Skopje, North Macedonia, 16-17 May 2023.

Original language: English
Title: International Conference on Military Communications and Information Systems, ICMCIS 2023
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9798350343854
DOIs
Status: Published - 2023
Event: 2023 International Conference on Military Communications and Information Systems, ICMCIS 2023 - Skopje, Macedonia
Duration: 16 May 2023 to 17 May 2023

Publication series

Name: International Conference on Military Communications and Information Systems, ICMCIS 2023

Conference

Conference: 2023 International Conference on Military Communications and Information Systems, ICMCIS 2023
Country/Territory: Macedonia
City: Skopje
Period: 16/05/23 to 17/05/23
