Exploratory Analysis of File System Metadata for Rapid Investigation of Security Incidents

Beran, Michal; Hrdina, František; Kouřil, Daniel; Ošlejšek, Radek; Zákopčanová, Kristína

doi:10.1109/vizsec51108.2020.00008

Cited by 6 publications

(4 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Para analisar as recomendac ¸ões de mitigac ¸ão, é importante apresentar interfaces para o usuário ou gráficos de ataques. Os autores de [Beran et al 2020] criaram um banco de dados a partir de computadores afetados por incidentes, dividindo-o em um conjunto de demonstrac ¸ão da ferramenta e outro para avaliac ¸ão. Por meio de métodos analíticos, foram analisados os timestamps para avaliar as alterac ¸ões nos arquivos por meio da hora, o que resultou em um aplicativo, o Filesystem Metadata Analysis (FIMETIS).…”

Section: Métodos De Recomendac ¸ãO De Mitigac ¸ãOunclassified

Um Mapeamento Sistemático sobre Detecção de Ataques em Redes de Computadores

da Silva,

Oliveira,

Braga

2023

Anais Da XI Escola Regional De Computação Do Ceará, Maranhão E Piauí (ERCEMAPI 2023)

View full text Add to dashboard Cite

Durante a pandemia de COVID-19, houve uma grande repercussão de notícias sobre empresas sendo atacadas por cibercriminosos. Nesse contexto, cresceram as pesquisas que propunham diminuir o impacto dos ataques à rede com algoritmos de Inteligência Artificial (IA). Este trabalho apresenta um mapeamento sistemático no âmbito da detecção de ataques às redes de computadores. Inicialmente, são identificados os algoritmos e os bancos de dados mais utilizados, além disso, os tipos de ataques, assim como a quantidade de amostras. Posteriormente, expõe-se a ausência de bancos de dados com ataques atuais, o desequilíbrio de amostras e soluções de arquitetura com mais de um algoritmo de IA.

show abstract

Section: Métodos De Recomendac ¸ãO De Mitigac ¸ãOunclassified

Um Mapeamento Sistemático sobre Detecção de Ataques em Redes de Computadores

da Silva,

Oliveira,

Braga

2023

Anais Da XI Escola Regional De Computação Do Ceará, Maranhão E Piauí (ERCEMAPI 2023)

View full text Add to dashboard Cite

show abstract

“…To help analysts during security investigations, many visualisation tools have been proposed by the research community to analyse various event data such as network logs [32,8], DNS logs [29], system logs [15,16] or file system metadata [3]. These methods allow a faster and easier investigation giving the analyst the possibility to query and visualise large amount of complex data.…”

Section: Related Workmentioning

confidence: 99%

“…To complement IDSs, visualisation tools [13,31,12,8,32,3] have been developped to identify attacks in the data. Among those tools, some have focused on log visualisation [15,16].…”

Section: Introductionmentioning

confidence: 99%

KRAKEN: A Knowledge-Based Recommender System for Analysts, to Kick Exploration up a Notch

Brisse

Boche²,

Majorczyk

et al. 2022

Innovative Security Solutions for Information Technology and Communications

View full text Add to dashboard Cite

During a computer security investigation, a security analyst has to explore the logs available to understand what happened in the compromised system. For such tasks, visual analysis tools have been developed to help with log exploration. They provide visualisations of aggregated logs, and help navigate data efficiently. However, even using visualisation tools, the task can still be difficult and tiresome. The amount and the numerous dimensions of the logs to analyse, the potential stealthiness and complexity of the attack may end with the analyst missing some parts of an attack. We offer to help the analyst finding the logs where her expertise is needed rapidly and efficiently. We design a recommender system called KRAKEN that links knowledge coming from advanced attack descriptions into a visual analysis tool to suggest exploration paths. KRAKEN confronts real world adversary knowledge with the investigated logs to dynamically provide relevant parts of the dataset to explore. To evaluate KRAKEN we conducted a user study with seven security analysts. Using our system, they investigated a dataset from the DARPA containing different Advanced Persistent Threat attacks. The results and comments of the security analysts show the usability and usefulness of the recommender system.

show abstract

“…FIMETIS is a tool allowing to interactively explore file system snapshots [1]. The tool provides a security analyst with simple and straightforward analysis views for file system records, the temporal sequence of events, and data clusters.…”

Section: Related Workmentioning

confidence: 99%