Khan, Saad and Parkinson, Simon (2017) Causal Connections Mining Within Security Event Logs. In: Proceedings of the 9th International Conference on Knowledge Capture. ACM. ISBN 9781450355537
PDF - Accepted Version (564kB)
Abstract
Both security vulnerability assessment and configuration processes rely heavily on expert knowledge. This requirement often leaves many systems insecure owing to a lack of analysis expertise and access to specialist resources. It has long been known that a system's event log provides historical information depicting potential security threats, as well as recording configuration activities. In this paper, a novel technique is developed that can process security event logs from a computer that has been assessed and configured by a security professional, and autonomously establish causality amongst event log entries in order to learn the configuration tasks that were performed. This extracted knowledge can then be exploited by non-professionals to plan steps that can improve the security of a previously unseen system.
| Item Type: | Book Chapter |
|---|---|
| Uncontrolled Keywords: | Knowledge extraction; Automated; Causal |
| Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
| Schools: | School of Computing and Engineering; School of Computing and Engineering > High-Performance Intelligent Computing > Planning, Autonomy and Representation of Knowledge |
| Depositing User: | Simon Parkinson |
| Date Deposited: | 15 Nov 2017 14:37 |
| Last Modified: | 28 Aug 2021 15:26 |
| URI: | http://eprints.hud.ac.uk/id/eprint/33841 |