FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2887200831> ?p ?o ?g. }

• W2887200831 abstract "Recently, advanced cyber attacks, which consist of a sequence of steps that involve many vulnerabilities and hosts, compromise the security of many well-protected businesses. This has led to the solutions that ubiquitously monitor system activities in each host (big data) as a series of events, and search for anomalies (abnormal behaviors) for triaging risky events. Since fighting against these attacks is a time-critical mission to prevent further damage, these solutions face challenges in incorporating expert knowledge to perform timely anomaly detection over the large-scale provenance data. To address these challenges, we propose a novel stream-based query system that takes as input, a real-time event feed aggregated from multiple hosts in an enterprise, and provides an anomaly query engine that queries the event feed to identify abnormal behaviors based on the specified anomalies. To facilitate the task of expressing anomalies based on expert knowledge, our system provides a domain-specific query language, SAQL, which allows analysts to express models for (1) rule-based anomalies, (2) time-series anomalies, (3) invariant-based anomalies, and (4) outlier-based anomalies. We deployed our system in NEC Labs America comprising 150 hosts and evaluated it using 1.1TB of real system monitoring data (containing 3.3 billion events). Our evaluations on a broad set of attack behaviors and micro-benchmarks show that our system has a low detection latency (<2s) and a high system throughput (110,000 events/s; supporting ~4000 hosts), and is more efficient in memory utilization than the existing stream-based complex event processing systems." @default.
• W2887200831 created "2018-08-22" @default.
• W2887200831 creator A5012621594 @default.
• W2887200831 creator A5015619835 @default.
• W2887200831 creator A5024596435 @default.
• W2887200831 creator A5024705395 @default.
• W2887200831 creator A5053530986 @default.
• W2887200831 creator A5076718675 @default.
• W2887200831 creator A5080160655 @default.
• W2887200831 creator A5082251778 @default.
• W2887200831 creator A5091296600 @default.
• W2887200831 date "2018-06-25" @default.
• W2887200831 modified "2023-10-16" @default.
• W2887200831 title "SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection" @default.
• W2887200831 cites W1444906800 @default.
• W2887200831 cites W1482228399 @default.
• W2887200831 cites W1495304983 @default.
• W2887200831 cites W1520270249 @default.
• W2887200831 cites W1568192366 @default.
• W2887200831 cites W1601789105 @default.
• W2887200831 cites W1602380388 @default.
• W2887200831 cites W1867761151 @default.
• W2887200831 cites W1941427975 @default.
• W2887200831 cites W1995976200 @default.
• W2887200831 cites W2034394069 @default.
• W2887200831 cites W2042128496 @default.
• W2887200831 cites W2063114706 @default.
• W2887200831 cites W2093406244 @default.
• W2887200831 cites W2096347345 @default.
• W2887200831 cites W2114887958 @default.
• W2887200831 cites W2122646361 @default.
• W2887200831 cites W2125743503 @default.
• W2887200831 cites W2128217000 @default.
• W2887200831 cites W2134890934 @default.
• W2887200831 cites W2136575791 @default.
• W2887200831 cites W2140190241 @default.
• W2887200831 cites W2141200504 @default.
• W2887200831 cites W2149576945 @default.
• W2887200831 cites W2152449272 @default.
• W2887200831 cites W2153972927 @default.
• W2887200831 cites W2157665255 @default.
• W2887200831 cites W2159357881 @default.
• W2887200831 cites W2213728018 @default.
• W2887200831 cites W2215262239 @default.
• W2887200831 cites W2293351723 @default.
• W2887200831 cites W2295705535 @default.
• W2887200831 cites W2320874258 @default.
• W2887200831 cites W2397699236 @default.
• W2887200831 cites W2437053200 @default.
• W2887200831 cites W2466206609 @default.
• W2887200831 cites W2562836854 @default.
• W2887200831 cites W2579106964 @default.
• W2887200831 cites W2751844787 @default.
• W2887200831 cites W2762828804 @default.
• W2887200831 cites W2790316935 @default.
• W2887200831 cites W2790557990 @default.
• W2887200831 cites W2914354916 @default.
• W2887200831 cites W2963556271 @default.
• W2887200831 cites W3146166473 @default.
• W2887200831 cites W47175211 @default.
• W2887200831 doi "https://doi.org/10.48550/arxiv.1806.09339" @default.
• W2887200831 hasPublicationYear "2018" @default.
• W2887200831 type Work @default.
• W2887200831 sameAs 2887200831 @default.
• W2887200831 citedByCount "11" @default.
• W2887200831 countsByYear W28872008312018 @default.
• W2887200831 countsByYear W28872008312019 @default.
• W2887200831 countsByYear W28872008312020 @default.
• W2887200831 countsByYear W28872008312021 @default.
• W2887200831 crossrefType "posted-content" @default.
• W2887200831 hasAuthorship W2887200831A5012621594 @default.
• W2887200831 hasAuthorship W2887200831A5015619835 @default.
• W2887200831 hasAuthorship W2887200831A5024596435 @default.
• W2887200831 hasAuthorship W2887200831A5024705395 @default.
• W2887200831 hasAuthorship W2887200831A5053530986 @default.
• W2887200831 hasAuthorship W2887200831A5076718675 @default.
• W2887200831 hasAuthorship W2887200831A5080160655 @default.
• W2887200831 hasAuthorship W2887200831A5082251778 @default.
• W2887200831 hasAuthorship W2887200831A5091296600 @default.
• W2887200831 hasBestOaLocation W28872008311 @default.
• W2887200831 hasConcept C121332964 @default.
• W2887200831 hasConcept C124101348 @default.
• W2887200831 hasConcept C126831891 @default.
• W2887200831 hasConcept C154945302 @default.
• W2887200831 hasConcept C18903297 @default.
• W2887200831 hasConcept C2778484313 @default.
• W2887200831 hasConcept C2779662365 @default.
• W2887200831 hasConcept C41008148 @default.
• W2887200831 hasConcept C62520636 @default.
• W2887200831 hasConcept C739882 @default.
• W2887200831 hasConcept C76155785 @default.
• W2887200831 hasConcept C79337645 @default.
• W2887200831 hasConcept C79403827 @default.
• W2887200831 hasConcept C86803240 @default.
• W2887200831 hasConceptScore W2887200831C121332964 @default.
• W2887200831 hasConceptScore W2887200831C124101348 @default.
• W2887200831 hasConceptScore W2887200831C126831891 @default.
• W2887200831 hasConceptScore W2887200831C154945302 @default.
• W2887200831 hasConceptScore W2887200831C18903297 @default.
• W2887200831 hasConceptScore W2887200831C2778484313 @default.

• next