Causal Connections Mining Within Security Event Logs

Khan, Saad and Parkinson, Simon (2017) Causal Connections Mining Within Security Event Logs. In: Proceedings of the 9th International Conference on Knowledge Capture. ACM. (In Press)

PDF - Accepted Version (564kB). Restricted to Repository staff only.

Abstract

Performing both security vulnerability assessment and configuration processes is heavily reliant on expert knowledge. This requirement often results in many systems being left insecure due to a lack of analysis expertise and access to specialist resources. It has long been known that a system's event log provides historical information depicting potential security threats, as well as recording configuration activities. In this paper, a novel technique is developed that can process security event logs on a computer that has been assessed and configured by a security professional, and autonomously establish causality amongst event log entries to learn performed configuration tasks. This extracted knowledge can then be exploited by non-professionals to plan steps that can improve the security of a previously unseen system.

Item Type: Book Chapter
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Schools: School of Computing and Engineering > High-Performance Intelligent Computing > Planning, Autonomy and Representation of Knowledge
School of Computing and Engineering
Depositing User: Simon Parkinson
Date Deposited: 15 Nov 2017 14:37
Last Modified: 15 Nov 2017 14:41
URI: http://eprints.hud.ac.uk/id/eprint/33841