FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2167358002> ?p ?o ?g. }

• W2167358002 abstract "Correlation is a recognized technique in security to improve the effectiveness of threat identification and analysis process. Existing correlation approaches mostly focus on correlating temporally located events, or combining alerts from multiple intrusion detection systems. Such approaches either generate high false alarm rates due to single host activity changes, or fail to detect stealthy attacks that evade detection from local monitors. This thesis explores a new spatiotemporal event correlation approach to capture the abnormal patterns of a class of attacks, whose activities, when observed individually, may not seem suspicious or distinguishable from normal activity changes. This approach correlates events across both space and time, identifying aggregated abnormal event patterns to the host state updates. By exploring both the temporal and spatial locality of host state changes, our approach identifies malicious events that are hard to detect in isolation, without foreknowledge of normal changes or system-specific knowledge. To demonstrate the effectiveness of spatiotemporal event correlation, we instantiate the approach in two example security applications: anomaly detection and network forensics. For anomaly detection, we present a pointillist method to detect similar, coincident changes to the patterns of file updates that are shared across multiple hosts. The correlation is performed by clustering points, each representing an individual host state transition, in a multi-dimensional feature space. We implement this approach in a prototype system called Seurat and demonstrate its effectiveness using a combination of real workstation traces, simulated attacks, and manually launched real worms. For network forensics, we present a general forensics framework called Dragnet, and propose a moonwalk technique that can determine both the host responsible for originating a worm attack and the set of attack flows that make up the initial stages of the attack via which the worm infected successive generations of victims. Our technique exploits the wide tree shape of a worm propagation by performing random walks backward in time along paths of flows. Using analysis, simulation, and experiments with real world traces, we show how the technique works against both today's fast propagating worms and a class of stealthy worms that attempt to hide their attack flows among background traffic. While the high level idea is the same, the two applications use different types of event data, different data representations, and different correlation algorithms, suggesting that spatiotemporal event correlation will be a general solution to reliably and effectively capture the global abnormal patterns for a variety of security applications." @default.
• W2167358002 created "2016-06-24" @default.
• W2167358002 creator A5003759585 @default.
• W2167358002 creator A5009961886 @default.
• W2167358002 creator A5029690882 @default.
• W2167358002 date "2005-01-01" @default.
• W2167358002 modified "2023-09-27" @default.
• W2167358002 title "A spatiotemporal event correlation approach to computer security" @default.
• W2167358002 cites W127688506 @default.
• W2167358002 cites W145064423 @default.
• W2167358002 cites W1489608363 @default.
• W2167358002 cites W1495172800 @default.
• W2167358002 cites W1495304983 @default.
• W2167358002 cites W1496357020 @default.
• W2167358002 cites W1497332396 @default.
• W2167358002 cites W1498585374 @default.
• W2167358002 cites W1518431406 @default.
• W2167358002 cites W1527422375 @default.
• W2167358002 cites W153082523 @default.
• W2167358002 cites W1536619301 @default.
• W2167358002 cites W1540548505 @default.
• W2167358002 cites W1547780404 @default.
• W2167358002 cites W1549716092 @default.
• W2167358002 cites W1556925457 @default.
• W2167358002 cites W1562405179 @default.
• W2167358002 cites W1563061804 @default.
• W2167358002 cites W1573585357 @default.
• W2167358002 cites W1578099820 @default.
• W2167358002 cites W1578138711 @default.
• W2167358002 cites W1579427489 @default.
• W2167358002 cites W1594026167 @default.
• W2167358002 cites W1634005169 @default.
• W2167358002 cites W1674877186 @default.
• W2167358002 cites W1684452600 @default.
• W2167358002 cites W1685149137 @default.
• W2167358002 cites W171844054 @default.
• W2167358002 cites W1744212210 @default.
• W2167358002 cites W1967949770 @default.
• W2167358002 cites W1973501242 @default.
• W2167358002 cites W1976969221 @default.
• W2167358002 cites W1979331092 @default.
• W2167358002 cites W1981202432 @default.
• W2167358002 cites W1982114217 @default.
• W2167358002 cites W1994212840 @default.
• W2167358002 cites W1994840070 @default.
• W2167358002 cites W200434350 @default.
• W2167358002 cites W2016551721 @default.
• W2167358002 cites W2031006315 @default.
• W2167358002 cites W2033811087 @default.
• W2167358002 cites W2034887531 @default.
• W2167358002 cites W2035036798 @default.
• W2167358002 cites W2056609785 @default.
• W2167358002 cites W2083616151 @default.
• W2167358002 cites W2085305295 @default.
• W2167358002 cites W2096538410 @default.
• W2167358002 cites W2098721736 @default.
• W2167358002 cites W2099168712 @default.
• W2167358002 cites W2100903665 @default.
• W2167358002 cites W2102399005 @default.
• W2167358002 cites W2107577105 @default.
• W2167358002 cites W2108867737 @default.
• W2167358002 cites W2109599309 @default.
• W2167358002 cites W2110320325 @default.
• W2167358002 cites W2116434280 @default.
• W2167358002 cites W2117002131 @default.
• W2167358002 cites W2117222554 @default.
• W2167358002 cites W2119030343 @default.
• W2167358002 cites W2121511513 @default.
• W2167358002 cites W2126310747 @default.
• W2167358002 cites W2128945468 @default.
• W2167358002 cites W2129860818 @default.
• W2167358002 cites W2132957552 @default.
• W2167358002 cites W2134006599 @default.
• W2167358002 cites W2135143063 @default.
• W2167358002 cites W2136561182 @default.
• W2167358002 cites W2137754263 @default.
• W2167358002 cites W2139978474 @default.
• W2167358002 cites W2140190241 @default.
• W2167358002 cites W2141200504 @default.
• W2167358002 cites W2142876969 @default.
• W2167358002 cites W2146807182 @default.
• W2167358002 cites W2147929033 @default.
• W2167358002 cites W2150657873 @default.
• W2167358002 cites W2151657570 @default.
• W2167358002 cites W2153717768 @default.
• W2167358002 cites W2154081981 @default.
• W2167358002 cites W2157578436 @default.
• W2167358002 cites W2159160833 @default.
• W2167358002 cites W2162133150 @default.
• W2167358002 cites W2163277533 @default.
• W2167358002 cites W2167396179 @default.
• W2167358002 cites W2288766236 @default.
• W2167358002 cites W2295705535 @default.
• W2167358002 cites W2500846359 @default.
• W2167358002 cites W2798455746 @default.
• W2167358002 cites W3021187106 @default.
• W2167358002 cites W3215037115 @default.
• W2167358002 cites W47175211 @default.
• W2167358002 cites W88694106 @default.
• W2167358002 cites W91862604 @default.

• next