Detection of Previously Unknown Advanced Persistent Threats Through Visual Analytics with the MASFAD Framework

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer review

Abstract

With the rapid evolution of the Internet and the prevalence of sophisticated adversarial cyber threats, it has become apparent that an equally rapid development of new Situation Awareness techniques is needed. The vast amount of data produced every day by Intrusion Detection Systems, Firewalls, Honeypots and other systems can quickly become insurmountable for domain experts to analyze. To enhance human-machine interaction, new Visual Analytics systems need to be implemented and tested, bridging the gap between detecting possible malicious activity, identifying it, and taking the necessary measures to stop its propagation. The detection of previously unknown, highly sophisticated Advanced Persistent Threats (APT) adds a higher degree of complexity to this task. In this paper, we discuss the principles inherent to Visual Analytics and propose a new technique for the detection of APT attacks through the use of anomaly- and behavior-based analysis. Our ultimate goal is to define sophisticated cyber threats by their defining characteristics and combine those to construct a pattern of behavior, which can be presented in visual form to be explored and analyzed. This can be achieved through the use of our Multi-Agent System for Advanced Persistent Threat Detection (MASFAD) framework and the combination of highly detailed and dynamic visualization techniques. This paper was originally presented at the NATO Science and Technology Organization Symposium (ICMCIS) organized by the Information Systems Technology (IST) Panel, IST-200 RSY - the ICMCIS, held in Skopje, North Macedonia, 16-17 May 2023.

Original language: English
Title: International Conference on Military Communications and Information Systems, ICMCIS 2023
Publisher: Institute of Electrical and Electronics Engineers Inc.
Electronic ISBN: 9798350343854
DOIs
Status: Published - 2023
Event: 2023 International Conference on Military Communications and Information Systems, ICMCIS 2023 - Skopje, Macedonia
Duration: 16 May 2023 - 17 May 2023

Publication series

Name: International Conference on Military Communications and Information Systems, ICMCIS 2023

Conference

Conference: 2023 International Conference on Military Communications and Information Systems, ICMCIS 2023
Country/Territory: Macedonia
City: Skopje
Period: 16/05/23 - 17/05/23
