Proceedings Article. DOI: 10.1109/DSC50466.2020.00017
An APT Attack Analysis Framework Based on Self-define Rules and Mapreduce
Qi Yulu, Rong Jiang, Yan Jia, Aiping Li +3 more
- 27 Jul 2020
- pp 61-66
TL;DR: This paper proposes an APT attack analysis framework built on APT attack rules and current mainstream detection technologies. The framework enforces constraints drawn from a cyber security knowledge graph and self-defined attack rules, thereby revealing the current security status of the network in real time.
Abstract: The essence of Internet security is information security. As more and more industries rely on the Internet, the need to protect the information security of those industries gave rise to local area networks (LANs), intranets and so on. With the development of information sensor technology, the Internet of Things (IoT), which interconnects physical devices, has emerged. As a unity of computing processes and physical processes, cyber-physical systems (CPS) are the next generation of intelligent systems, integrating computing, communication and control. Cyber-physical systems cover a wide range of applications, including intelligent transportation systems, telemedicine, smart grids, aerospace and many other fields, many of which involve critical infrastructure. APT attacks are typically directed against such critical infrastructure around the world, so detecting APT attacks in a timely and accurate manner and taking effective defensive measures is meaningful for protecting national information security. Although APT attacks appear destructive and their attack processes are complex and changeable, in essence they usually follow certain rules. This paper proposes an APT attack analysis framework based on APT attack rules and current mainstream detection technologies. The framework iteratively matches the collected data against a cyber security knowledge graph and enforces constraints drawn from the knowledge graph and self-defined attack rules, thereby revealing the current security status of the network in real time.
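The abstract describes the framework only in outline: alerts are matched against a knowledge graph, the graph and self-defined rules act as constraints, and the work is laid out in a MapReduce shape. The block below is an added illustration of that shape, written for this page; it is not the paper's code and does not claim to reproduce its rules or its graph. The assets, triples, signature-to-stage rules, kill-chain sequence, time window and alert records are all constructed for the example. The map step turns one alert into (asset, event) pairs and uses the graph as a plausibility constraint (an SQL-injection alert against a host that runs no HTTP service is discarded); the reduce step groups events per asset and reports how far through the attack sequence that asset has progressed.

```python
"""Toy rule-plus-knowledge-graph APT correlator in a map/reduce shape.

Added illustration for this page, not the paper's code. Every asset, triple,
signature and alert record below is constructed for the example.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Set, Tuple

Triple = Tuple[str, str, str]
Alert = Dict[str, object]


class KnowledgeGraph:
    """Minimal triple store: (subject, predicate, object)."""

    def __init__(self, triples: Iterable[Triple]):
        self.triples: Set[Triple] = set(triples)

    def has(self, s: str, p: str, o: str) -> bool:
        return (s, p, o) in self.triples

    def objects(self, s: str, p: str) -> Set[str]:
        return {o for (s2, p2, o) in self.triples if s2 == s and p2 == p}

    def hosts(self) -> Set[str]:
        # Anything the graph says "runs" a service is a monitored asset.
        return {s for (s, p, _) in self.triples if p == "runs"}


# Constructed asset knowledge for a hypothetical two-host network.
KG = KnowledgeGraph([
    ("web01", "runs", "http"),
    ("web01", "in_segment", "dmz"),
    ("db01", "runs", "mysql"),
    ("db01", "in_segment", "internal"),
    ("db01", "holds", "customer_records"),
])

# Self-defined rules (hypothetical): signature -> (kill-chain stage, service the
# target must run for the alert to be credible; None = no service constraint).
STAGE_RULES: Dict[str, Tuple[str, Optional[str]]] = {
    "port_scan":     ("recon", None),
    "sqli_attempt":  ("initial_access", "http"),
    "beacon_dns":    ("c2", None),
    "mysql_brute":   ("lateral_movement", "mysql"),
    "bulk_outbound": ("exfiltration", None),
}
APT_SEQUENCE = ["recon", "initial_access", "c2", "lateral_movement", "exfiltration"]
WINDOW_SECONDS = 7 * 24 * 3600  # two chained stages must fall within one week


def map_alert(alert: Alert, kg: KnowledgeGraph) -> List[Tuple[str, Tuple[int, str]]]:
    """Map step: emit (asset, (ts, stage)) for each known asset the alert touches.

    The graph is the constraint: if the rule needs a service the target does
    not run, the alert is implausible and dropped (no pairs emitted).
    """
    rule = STAGE_RULES.get(alert["sig"])
    if rule is None:
        return []
    stage, needed_service = rule
    if needed_service and not kg.has(alert["dst"], "runs", needed_service):
        return []
    hosts = kg.hosts()
    return [(h, (alert["ts"], stage)) for h in (alert["src"], alert["dst"]) if h in hosts]


def reduce_asset(asset: str, events: List[Tuple[int, str]], kg: KnowledgeGraph) -> Dict[str, object]:
    """Reduce step: walk events in time order and keep the longest forward
    progression through APT_SEQUENCE whose consecutive steps lie within WINDOW.
    Events that step backwards or arrive too late are skipped, not reset."""
    chain: List[str] = []
    last_ts: Optional[int] = None
    for ts, stage in sorted(events):
        idx = APT_SEQUENCE.index(stage)
        last_idx = APT_SEQUENCE.index(chain[-1]) if chain else -1
        if idx > last_idx and (last_ts is None or ts - last_ts <= WINDOW_SECONDS):
            chain.append(stage)
            last_ts = ts
    reached = chain[-1] if chain else None
    # Stages that should precede the one reached but were never observed.
    missing = [s for s in APT_SEQUENCE[:APT_SEQUENCE.index(reached)] if s not in chain] if reached else []
    return {
        "stage_reached": reached,
        "chain": chain,
        "missing": missing,
        "critical": bool(kg.objects(asset, "holds")),  # asset holds sensitive data
    }


def network_status(alerts: Iterable[Alert], kg: KnowledgeGraph) -> Dict[str, Dict[str, object]]:
    """Map, shuffle (group by asset), reduce: the per-asset security picture."""
    grouped: Dict[str, List[Tuple[int, str]]] = defaultdict(list)
    for alert in alerts:
        for asset, event in map_alert(alert, kg):
            grouped[asset].append(event)
    return {asset: reduce_asset(asset, events, kg) for asset, events in grouped.items()}


# Constructed alert stream (epoch seconds); the third alert hits a host that runs
# no HTTP service and is discarded by the knowledge-graph constraint.
SAMPLE_ALERTS: List[Alert] = [
    {"ts": 1000, "src": "203.0.113.7", "dst": "web01", "sig": "port_scan"},
    {"ts": 2000, "src": "203.0.113.7", "dst": "web01", "sig": "sqli_attempt"},
    {"ts": 2500, "src": "203.0.113.7", "dst": "db01", "sig": "sqli_attempt"},
    {"ts": 3000, "src": "web01", "dst": "198.51.100.9", "sig": "beacon_dns"},
    {"ts": 4000, "src": "web01", "dst": "db01", "sig": "mysql_brute"},
    {"ts": 5000, "src": "db01", "dst": "198.51.100.9", "sig": "bulk_outbound"},
]

if __name__ == "__main__":
    for asset, status in network_status(SAMPLE_ALERTS, KG).items():
        print(asset, status)
```

On the constructed stream, web01 shows the full progression recon, initial_access, c2, lateral_movement with no gaps, while db01 reaches exfiltration with the earlier stages missing and is flagged critical because the graph says it holds customer records. The "missing" list is the practitioner's cue to look for the unobserved stages rather than treat the chain as confirmed. A real deployment would also need the incremental ("iterative") matching the abstract mentions, which this batch-shaped example leaves out.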
Citations
A comprehensive survey on deep learning based malware detection techniques
TL;DR: In this article, the authors investigate recently proposed deep learning-based malware detection systems and their evolution, offering a thorough analysis of the recently developed DL-based detection techniques, covering mobile malware, Windows malware, IoT malware, Advanced Persistent Threats (APTs) and ransomware.
Proceedings Article
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Greg Sprague, Bernadette H. Schell, Wilfred Fong +2 more
- 30 Oct 2006
TL;DR: It is my great pleasure as general chair of the PST2006 conference to welcome you to this year's privacy, security and trust (PST) conference being hosted by the University of Ontario Institute of Technology (UOIT).
Coding with XML for Efficiencies in Cataloging and Metadata: Practical Applications of XSD, XSLT, and XQuery
TL;DR: Coding with XML for Efficiencies in Cataloging and Metadata is a worthy reference book to help developers think through new ways of dealing with cataloging information using XML tools.
Coding with XML for Efficiencies in Cataloguing and Metadata: Practical Applications of XSD, XSLT and XQUERY
Sherrey Quinn
- 01 Mar 2020
TL;DR: In this article, the use of Extensible Markup Language (XML), which has been widely adopted by libraries and publishers for sharing metadata about the information resources they collect and publish, is examined.
References
Probabilistic Alert Correlation
Alfonso Valdes, Keith Skinner +1 more
- 10 Oct 2001
TL;DR: The probabilistic approach provides a unified mathematical framework for correlating alerts that match closely but not perfectly, where the minimum degree of match required to fuse alerts is controlled by a single configurable parameter.
Relational retrieval using a combination of path-constrained random walks
Ni Lao, William W. Cohen +1 more
- 01 Oct 2010
TL;DR: A novel learnable proximity measure is described which instead uses one weight per edge label sequence: proximity is defined by a weighted combination of simple “path experts”, each corresponding to following a particular sequence of labeled edges.
AMIE: association rule mining under incomplete evidence in ontological knowledge bases
Luis Galárraga, Christina Teflioudi, Katja Hose, Fabian M. Suchanek +3 more
- 13 May 2013
TL;DR: This paper develops a rule mining model that is explicitly tailored to support the open world assumption (OWA), and is inspired by association rule mining and introduces a novel measure for confidence.
Constructing attack scenarios through correlation of intrusion alerts
Peng Ning, Yun Cui, Douglas S. Reeves +2 more
- 18 Nov 2002
TL;DR: A formal framework for alert correlation, the implementation of an off-line alert correlator based on the framework, and the evaluation of the method with the 2000 DARPA intrusion detection scenario specific datasets demonstrate the potential of the proposed method and its advantage over alternative methods.
A Practical Approach to Constructing a Knowledge Graph for Cybersecurity
TL;DR: A cybersecurity knowledge base and deduction rules based on a quintuple model is presented and the Stanford named entity recognizer (NER) is used to train an extractor to extract useful information.