Discovering Correlations: A Formal Definition of Causal Dependency Among Heterogeneous Events

Xosanavongsa, Charles; Totel, Éric; Bettan, Olivier

doi:10.1109/eurosp.2019.00033

Cited by 5 publications

(1 citation statement)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These proposals are however limited since they only consider one type of event format. This contrasts with [32] in which the authors propose to discover causal dependency in heterogeneous events to detect multi-steps attacks. Hercule [24] models network log entries also coming from multiple sources of data as nodes in a graph.…”

Section: Using Graph For Analyzing Security Eventsmentioning

confidence: 96%

Forensic Analysis of Network Attacks: Restructuring Security Events as Graphs and Identifying Strongly Connected Sub-graphs

Leichtnam

Totel

Prigent

et al. 2020

2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

Self Cite

View full text Add to dashboard Cite

When analyzing the security of activities in a highly distributed system, an analyst faces a huge number of events, mainly coming from network supervision mechanisms. To analyze this huge amount of information, the analyst often starts from an indicator of compromise (IoC), an observable that suggests that a compromise may have occurred, and looks for the information related to this IoC as it could help to explain the related security incident. This approach is referred to as forensic analysis.In this paper, we propose an approach to treat automatically network events to provide the analyst with a new way to determine the subset of information related to a given IoC. This approach relies firstly on the generation of graphs between so-called "Security Objects" that are built from the logged network events, and secondly on the automatic processing of these graphs based on graphs communities analysis.

show abstract

Section: Using Graph For Analyzing Security Eventsmentioning

confidence: 96%