Expert knowledge and data analysis for detecting advanced persistent threats

• Autorzy: Juan Ramón Moya , Noemí DeCastro-García , Ramón-Ángel Fernández-Díaz , Jorge Lorenzana Tamargo
• Języki publikacji: EN

Abstrakty

EN

Critical Infrastructures in public administration would be compromised by Advanced Persistent Threats (APT) which today constitute one of the most sophisticated ways of stealing information. This paper presents an effective, learning based tool that uses inductive techniques to analyze the information provided by firewall log files in an IT infrastructure, and detect suspicious activity in order to mark it as a potential APT. The experiments have been accomplished mixing real and synthetic data traffic to represent different proportions of normal and anomalous activity.

Słowa kluczowe

EN

Advanced persistent threat; Cybersecurity; Data mining; Expert knowledge

Kategorie tematyczne

• 68T30: Knowledge representation
• 68T05: Learning and adaptive systems

• Wydawca: De Gruyter Open
• Czasopismo: Open Mathematics
• Rocznik: 2017
• Tom: 15
• Numer: 1
• Strony: 1108-1122

Daty

wydano

2017-01-01

otrzymano

2016-11-15

zaakceptowano

2017-05-04

online

2017-08-19

Twórcy

autor

Juan Ramón Moya

• , , ,

autor

Noemí DeCastro-García

• , , ,

autor

Ramón-Ángel Fernández-Díaz

• , , ,

autor

Jorge Lorenzana Tamargo

• , , ,

Identyfikatory

DOI

10.1515/math-2017-0094