Big data analysis system concept for detecting unknown attacks

Ahn, S. H.; Kim, Nam-Uk; Chung, Tai-Myoung

doi:10.1109/icact.2014.6778962

Cited by 26 publications

(19 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Ahn et al [158] present a model for detecting future unknown Advanced Persistent Threats (APTs) attacks based on analysis of data gathered from various sources. The proposed model consists of four steps: (1) Data collection: data is collected from most of the available resources that includes log files, database, network behaviour, anti-virus, and status information (2) Data processing: collected data is processed to make it meet certain requirements (format and compatibility) (3) Data Analysis: processed data is analysed using clustering, predictions, and behavioural analysis to find out about user behaviour, system status, network traffic and misuse of files (4) Result: if any abnormal behaviour is detected, administrator is alerted about it.…”

Section: Network + Host-based Anomaly Detectionmentioning

confidence: 99%

Data exfiltration: A review of external attack vectors and countermeasures

Ullah

Edwards

Ramdhany

et al. 2018

Journal of Network and Computer Applications

View full text Add to dashboard Cite

Context: One of the main targets of cyber-attacks is data exfiltration, which is the leakage of sensitive or private data to an unauthorized entity. Data exfiltration can be perpetrated by an outsider or an insider of an organization. Given the increasing number of data exfiltration incidents, a large number of data exfiltration countermeasures have been developed. These countermeasures aim to detect, prevent, or investigate exfiltration of sensitive or private data. With the growing interest in data exfiltration, it is important to review data exfiltration attack vectors and countermeasures to support future research in this field. Objective: This paper is aimed at identifying and critically analysing data exfiltration attack vectors and countermeasures for reporting the status of the art and determining gaps for future research. Method: We have followed a structured process for selecting 108 papers from seven publication databases. Thematic analysis method has been applied to analyse the extracted data from the reviewed papers. Results: We have developed a classification of (1) data exfiltration attack vectors used by external attackers and (2) the countermeasures in the face of external attacks. We have mapped the countermeasures to attack vectors. Furthermore, we have explored the applicability of various countermeasures for different states of data (i.e., in use, in transit, or at rest). Conclusion: This review has revealed that (a) most of the state of the art is focussed on preventive and detective countermeasures and significant research is required on developing investigative countermeasures that are equally important; (b) Several data exfiltration countermeasures are not able to respond in real-time, which specifies that research efforts need to be invested to enable them to respond in real-time (c) A number of data exfiltration countermeasures do not take privacy and ethical concerns into consideration, which may become an obstacle in their full adoption (d) Existing research is primarily focussed on protecting data in 'in use' state, therefore, future research needs to be directed towards securing data in 'in rest' and 'in transit' states (e) There is no standard or framework for evaluation of data exfiltration countermeasures. We assert the need for developing such an evaluation framework.

show abstract

Section: Network + Host-based Anomaly Detectionmentioning

confidence: 99%

Data exfiltration: A review of external attack vectors and countermeasures

Ullah

Edwards

Ramdhany

et al. 2018

Journal of Network and Computer Applications

View full text Add to dashboard Cite

show abstract

“…Data mining techniques: Based on literature review, in order to find patterns among the data, data mining techniques will be applied. According to Ahn et al (2014) using classification techniques can help cyber experts to find current patterns and based on findings try to predict the future patterns. Naïve Bayes and decision tree algorithms are two suitable techniques can extract valuable information from uncertain knowledge.…”

Section: Discussionmentioning

confidence: 99%

“…Type of contained data and type of the task of each node will determine the value them. (Ahn et al 2014) Attack History: this attribute shows which nodes are more likely to be targeted by attackers based on previous observations in terms of cyber breaches. Dut et al (2012) propose an approach to defend against cyber-attacks based on Instance Based Learning Theory (IBLT).…”

Section: Das Et Al (2013) Apply Chi-square and Deviance Values To Thmentioning

confidence: 99%

Improving Cyber Situational Awareness Through Data Mining and Predictive Analytic Techniques

Pournouri

Akhgar

2015

Communications in Computer and Information Science

View full text Add to dashboard Cite

Abstract. Due to the widespread usage of computer resources in everyday life, cyber security has been highlighted as one of the main concerns of governments and authorities. Data mining technology can be used for prevention of cyber breaches in different ways and Cyber Situational Awareness (CSA) can be improved based on analyzing past experiences in terms of cyber-attacks. This paper aims to investigate and review current state of CSA improvement through data mining techniques and predictive analytic and offers possible methodology based on data mining techniques which can be used by cyber firms in order to secure themselves against future cyber threats.

show abstract

“…Many papers proposed using big data on security for optimization and unknown attacks detection [17,18], as shown in Fig. 6.…”

Section: General Modelmentioning

confidence: 99%

Big data analysis and distributed deep learning for next-generation intrusion detection system optimization

2019

View full text Add to dashboard Cite

Recently, we have seen lots of real-life examples of attacks' huge impacts in different domains such as politics and economics. Hacking has become more critical and more dangerous than ever before. The number of hacking attacks is growing exponentially every few months. That means signature-based IDS is not useful anymore as we cannot update it with new signatures every few minutes. Also with developing technologies attacks become more sophisticated, APT attacks are more common than ever before.

show abstract

Big data analysis system concept for detecting unknown attacks

Cited by 26 publications

References 1 publication

Data exfiltration: A review of external attack vectors and countermeasures

Data exfiltration: A review of external attack vectors and countermeasures

Improving Cyber Situational Awareness Through Data Mining and Predictive Analytic Techniques

Big data analysis and distributed deep learning for next-generation intrusion detection system optimization

Contact Info

Product

Resources

About