TY - GEN
T1 - Detection of Previously Unknown Advanced Persistent Threats Through Visual Analytics with the MASFAD Framework
AU - Nikolov, Georgi
AU - Mees, Wim
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - With the rapid evolution of the Internet and the prevalence of sophisticated adversarial cyber threats, it has become apparent that an equally rapid development of new Situation Awareness techniques is needed. The vast amount of data produced every day by Intrusion Detection Systems, Firewalls, Honeypots and other systems can quickly become insurmountable for domain experts to analyze. To enhance human-machine interaction, new Visual Analytics systems need to be implemented and tested, bridging the gap between detecting possible malicious activity, identifying it, and taking the necessary measures to stop its propagation. The detection of previously unknown, highly sophisticated Advanced Persistent Threats (APT) adds a higher degree of complexity to this task. In this paper, we discuss the principles inherent to Visual Analytics and propose a new technique for the detection of APT attacks through the use of anomaly and behavior-based analysis. Our ultimate goal is to define sophisticated cyber threats by their defining characteristics and to combine those characteristics into a pattern of behavior, which can be presented in visual form to be explored and analyzed. This can be achieved through the use of our Multi-Agent System for Advanced Persistent Threat Detection (MASFAD) framework and the combination of highly detailed and dynamic visualization techniques. This paper was originally presented at the NATO Science and Technology Organization Symposium (ICMCIS) organized by the Information Systems Technology (IST) Panel, IST-200 RSY - the ICMCIS, held in Skopje, North Macedonia, 16-17 May 2023.
KW - advanced persistent threat
KW - cyber situation awareness
KW - detection through visualization
KW - visual analytics
UR - http://www.scopus.com/inward/record.url?scp=85174249456&partnerID=8YFLogxK
U2 - 10.1109/ICMCIS59922.2023.10253465
DO - 10.1109/ICMCIS59922.2023.10253465
M3 - Conference contribution
AN - SCOPUS:85174249456
T3 - International Conference on Military Communications and Information Systems, ICMCIS 2023
BT - International Conference on Military Communications and Information Systems, ICMCIS 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2023 International Conference on Military Communications and Information Systems, ICMCIS 2023
Y2 - 16 May 2023 through 17 May 2023
ER -