Collection of scholarly literature on the topic "Cyber alerts"


Browse the lists of current articles, books, dissertations, theses and other scholarly sources on the topic "Cyber alerts".


Journal articles on the topic "Cyber alerts":

1

Chen, Haipeng, Andrew Duncklee, Sushil Jajodia, Rui Liu, Sean Mcnamara, and V. S. Subrahmanian. "PCAM: A Data-driven Probabilistic Cyber-alert Management Framework." ACM Transactions on Internet Technology 22, no. 3 (August 31, 2022): 1–24. http://dx.doi.org/10.1145/3511101.

Abstract:
We propose PCAM, a Probabilistic Cyber-Alert Management framework, that enables chief information security officers to better manage cyber-alerts. Workers in Cyber Security Operation Centers usually work in 8- or 12-hour shifts. Before a shift, PCAM analyzes data about all past alerts and true alerts during the shift time-frame to schedule a given set of analysts in accordance with workplace constraints so that the expected number of “uncovered” true alerts (i.e., true alerts not shown to an analyst) is minimized. PCAM achieves this by formulating the problem as a bi-level non-linear optimization problem and then shows how to linearize and solve this complex problem. We have tested PCAM extensively. Using statistics derived from 44 days of real-world alert data, we are able to minimize the expected number of true alerts that are not manually examined by a team consisting of junior, senior, and principal analysts. We are also able to identify the optimal mix of junior, senior, and principal analysts needed during both day and night shifts given a budget, outperforming some reasonable baselines. We tested PCAM’s proposed schedule (from statistics on 44 days) on a further 6 days of data, using an off-the-shelf false alarm classifier to predict which alerts are real and which ones are false. Moreover, we show experimentally that PCAM is robust to various kinds of errors in the statistics used.
2

Albasheer, Hashim, Maheyzah Md Siraj, Azath Mubarakali, Omer Elsier Tayfour, Sayeed Salih, Mosab Hamdan, Suleman Khan, Anazida Zainal, and Sameer Kamarudeen. "Cyber-Attack Prediction Based on Network Intrusion Detection Systems for Alert Correlation Techniques: A Survey." Sensors 22, no. 4 (February 15, 2022): 1494. http://dx.doi.org/10.3390/s22041494.

Abstract:
Network Intrusion Detection Systems (NIDS) are designed to safeguard the security needs of enterprise networks against cyber-attacks. However, NIDS networks suffer from several limitations, such as generating a high volume of low-quality alerts. Moreover, 99% of the alerts produced by NIDSs are false positives. As well, the prediction of future actions of an attacker is one of the most important goals here. The study has reviewed the state-of-the-art cyber-attack prediction based on NIDS Intrusion Alert, its models, and limitations. The taxonomy of intrusion alert correlation (AC) is introduced, which includes similarity-based, statistical-based, knowledge-based, and hybrid-based approaches. Moreover, the classification of alert correlation components was also introduced. Alert Correlation Datasets and future research directions are highlighted. The AC receives raw alerts to identify the association between different alerts, linking each alert to its related contextual information and predicting a forthcoming alert/attack. It provides a timely, concise, and high-level view of the network security situation. This review can serve as a benchmark for researchers and industries for Network Intrusion Detection Systems’ future progress and development.
3

Almseidin, Mohammad, Mouhammad Alkasassbeh, Maen Alzubi, and Jamil Al-Sawwa. "Cyber-Phishing Website Detection Using Fuzzy Rule Interpolation." Cryptography 6, no. 2 (May 7, 2022): 24. http://dx.doi.org/10.3390/cryptography6020024.

Abstract:
This paper introduces a novel detection method for phishing website attacks while avoiding the issues associated with the deficiencies of the knowledge-based representation and the binary decision. The suggested detection method was performed using Fuzzy Rule Interpolation (FRI). The FRI reasoning methods added the benefit of enhancing the robustness of fuzzy systems and effectively reducing the system’s complexity. These benefits help the Intrusion Detection System (IDS) to generate more realistic and comprehensive alerts in case of phishing attacks. The proposed method was applied to an open-source benchmark phishing website dataset. The results show that the proposed detection method obtained a 97.58% detection rate and effectively reduced the false alerts. Moreover, it effectively smooths the boundary between normal and phishing attack traffic because of its fuzzy nature. It has the ability to generate the required security alert in case of deficiencies in the knowledge-based representation. In addition, the results obtained from the proposed detection method were compared with other literature results. The results showed that the accuracy rate of this work is competitive with other methods. In addition, the proposed detection method can generate the required anti-phishing alerts even if one of the anti-phishing sparse rules does not cover some input parameters (observations).
4

Cheng, Xiang, Jiale Zhang, and Bing Chen. "Cyber Situation Comprehension for IoT Systems based on APT Alerts and Logs Correlation." Sensors 19, no. 18 (September 19, 2019): 4045. http://dx.doi.org/10.3390/s19184045.

Abstract:
With the emergence of the Advanced Persistent Threat (APT) attacks, many Internet of Things (IoT) systems have faced large numbers of potential threats with the characteristics of concealment, permeability, and pertinence. However, existing methods and technologies cannot provide comprehensive and prompt recognition of latent APT attack activities in the IoT systems. To address this problem, we propose an APT Alerts and Logs Correlation Method, named APTALCM and a framework of deploying APTALCM on the IoT system, where an edge computing architecture was used to achieve cyber situation comprehension without too much data transmission cost. Specifically, we firstly present a cyber situation ontology for modeling the concepts and properties to formalize APT attack activities in the IoT systems. Then, we introduce a cyber situation instance similarity measurement method based on the SimRank mechanism for APT alerts and logs Correlation. Combining with instance similarity, we further propose an APT alert instances correlation method to reconstruct APT attack scenarios and an APT log instances correlation method to detect log instance communities. Through the coalescence of these methods, APTALCM can accomplish the cyber situation comprehension effectively by recognizing the APT attack intentions in the IoT systems. The exhaustive experimental results demonstrate that the two kernel modules, i.e., Alert Instance Correlation Module (AICM) and Log Instance Correlation Module (LICM) in our APTALCM, can achieve both high true-positive rate and low false-positive rate.
5

Gay, Chris, Barry Horowitz, John Elshaw, Philip Bobko, and Inki Kim. "Operator Suspicion and Decision Responses to Cyber-Attacks on Unmanned Ground Vehicle Systems." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 61, no. 1 (September 2017): 226–30. http://dx.doi.org/10.1177/1541931213601540.

Abstract:
Cyber-attacks against cyber-physical systems (CPS), such as unmanned vehicles, are emergent threats with potentially catastrophic impacts, and this issue has drawn considerable interest by military agencies. An abundant body of research has attempted to address the physical security aspects of CPS; however, research addressing the human dimensions of cyber-attack detection and responses from an operator and operational perspective is sparse. This research has provided a novel probe into the human factors affecting operator resilience in responding to cyber-attacks, which are situations characterized by uncertainty and malicious intent. The variability of individual operators makes it improbable to grasp the full range of factors contributing to operator performance; however, the application of Suspicion Theory as proposed by Bobko et al. (2013) provides a starting point to aid in understanding operator performance in situations involving malicious intent (e.g. a cyber-attack). According to the theory, malicious intent is a critical component of operator suspicion, which is a key factor in operator response to cyber-attacks. The current research explored this human dimension through scenario-based, human-in-the-loop simulation experiments with Air Force personnel. It included both abstract and empirical assessments of the application of Suspicion Theory to operator detection and responses to cyber-attacks against an unmanned vehicle system, and it took a systems-oriented approach to the problem by considering the interaction of a Human-Machine Team (HMT) in the response. The HMT here refers to an operator and a Sentinel, which is an automated cyber-attack detection aid. The study evaluated the effects of suspicion, as well as the effects of perceived consequence, on the operator, and the resulting HMT quality of performance in responding to alerts, including both false alarms and properly detected cyber-attack scenarios.
The findings show that Sentinel alerts alone do not create operator suspicion. Instead, alerts can serve as a catalyst for a wider information search by the operator, which, on a situational basis can lead to formation of increased operator suspicion. The analysis of experimental results pointed to a negative correlation between operator suspicion and performance score that measured the quality of a response to the given scenario. In addition, a strong correlation between HMT performance score and task response time was noted.
6

Angelini, Marco, and Giuseppe Santucci. "Cyber situational awareness: from geographical alerts to high-level management." Journal of Visualization 20, no. 3 (July 12, 2016): 453–59. http://dx.doi.org/10.1007/s12650-016-0377-3.

7

Yang, Gang, Chaojing Tang, and Xingtong Liu. "DualAC2NN: Revisiting and Alleviating Alert Fatigue from the Detection Perspective." Symmetry 14, no. 10 (October 13, 2022): 2138. http://dx.doi.org/10.3390/sym14102138.

Abstract:
The exponential expansion of Internet interconnectivity has led to a dramatic increase in cyber-attack alerts, which contain a considerable proportion of false positives. The overwhelming number of false positives cause tremendous resource consumption and delay responses to the really severe incidents, namely, alert fatigue. To cope with the challenge from alert fatigue, we focus on enhancing the capability of detectors to reduce the generation of false alerts from the detection perspective. The core idea of our work is to train a machine-learning-based detector to grasp the empirical intelligence of security analysts to estimate the feasibility of an incoming HTTP request to cause substantial threats, and integrate the estimation into the detection stage to reduce false alarms. To this end, we innovatively introduce the concept of attack feasibility to characterize the composition rationality of an inbound HTTP request as a feasible attack under static scrutinization. First, we adopt a fast request-reorganization algorithm to transform an HTTP request into the form of interface:payload pair for further alignment of structural components which can reveal the processing logic of the target program. Then, we build a dual-channel attention-based circulant convolution neural network (DualAC2NN) to integrate the attack feasibility estimation into the alert decision, by comprehensively considering the interface sensitivity, payload maliciousness, and their bipartite compatibility. Experiments on a real-world dataset show that the proposed method significantly reduces invalid alerts by around 86.37% and over 61.64% compared to a rule-based commercial WAF and several state-of-the-art methods, along with retaining a detection rate at 97.89% and a lower time overhead, which indicates that our approach can effectively mitigate alert fatigue from the detection perspective.
8

Priyawati, Diah, Siti Rokhmah, and Ihsan Cahyo Utomo. "Website Vulnerability Testing and Analysis of Website Application Using OWASP." International Journal of Computer and Information System (IJCIS) 3, no. 3 (August 29, 2022): 142–47. http://dx.doi.org/10.29040/ijcis.v3i3.90.

Abstract:
Many businesses, organizations, and social institutions use websites to support their main tasks. The various benefits of the website must be supported by the security aspects of the website in order to avoid hacking. Cyber attacks or hackers can do dangerous things like get more valuable data. So it is necessary to test a good website to find out the level of vulnerability of application features in it. A suitable test for websites where the website is distributed over a network is the grey box penetration test. This study performs a grey box penetration testing technique using the OWASP method and the OWASP ZAP tool. The test steps are collecting test target information, performing automatic scanning with the help of OWASP ZAP, exploiting the scan results, reporting, and providing recommendations. The test results show the target application website has 12 vulnerabilities with 8.3% at the high level vulnerability or 1 alert, 41.7% at the medium level or 5 alerts, 33.3% at the low level or 4 alerts, and 16.7 at the informational level or 2 alerts. These vulnerabilities are related to matters related to A01-Broken Access Control, A03-Injection, A05-Security Misconfiguration, and A08-Software and Data Integrity Failures.
9

Sahu, Abhijeet, and Katherine Davis. "Inter-Domain Fusion for Enhanced Intrusion Detection in Power Systems: An Evidence Theoretic and Meta-Heuristic Approach." Sensors 22, no. 6 (March 9, 2022): 2100. http://dx.doi.org/10.3390/s22062100.

Abstract:
False alerts due to misconfigured or compromised intrusion detection systems (IDS) in industrial control system (ICS) networks can lead to severe economic and operational damage. However, research using deep learning to reduce false alerts often requires the physical and cyber sensor data to be trustworthy. Implicit trust is a major problem for artificial intelligence or machine learning (AI/ML) in cyber-physical system (CPS) security, because when these solutions are most urgently needed is also when they are most at risk (e.g., during an attack). To address this, the Inter-Domain Evidence theoretic Approach for Inference (IDEA-I) is proposed that reframes the detection problem as how to make good decisions given uncertainty. Specifically, an evidence theoretic approach leveraging Dempster–Shafer (DS) combination rules and their variants is proposed for reducing false alerts. A multi-hypothesis mass function model is designed that leverages probability scores obtained from supervised-learning classifiers. Using this model, a location-cum-domain-based fusion framework is proposed to evaluate the detector’s performance using disjunctive, conjunctive, and cautious conjunctive rules. The approach is demonstrated in a cyber-physical power system testbed, and the classifiers are trained with datasets from Man-In-The-Middle attack emulation in a large-scale synthetic electric grid. For evaluating the performance, we consider plausibility, belief, pignistic, and general Bayesian theorem-based metrics as decision functions. To improve the performance, a multi-objective-based genetic algorithm is proposed for feature selection considering the decision metrics as the fitness function. Finally, we present a software application to evaluate the DS fusion approaches with different parameters and architectures.
10

Khosravi, Mehran, and Behrouz Tork Ladani. "Alerts Correlation and Causal Analysis for APT Based Cyber Attack Detection." IEEE Access 8 (2020): 162642–56. http://dx.doi.org/10.1109/access.2020.3021499.


Dissertations on the topic "Cyber alerts":

1

Clarke, Karla A. "Novel Alert Visualization: The Development of a Visual Analytics Prototype for Mitigation of Malicious Insider Cyber Threats." Diss., NSUWorks, 2018. https://nsuworks.nova.edu/gscis_etd/1049.

Abstract:
Cyber insider threat is one of the most difficult risks to mitigate in organizations. However, innovative validated visualizations for cyber analysts to better decipher and react to detected anomalies have not been reported in literature or in industry. Attacks caused by malicious insiders can cause millions of dollars in losses to an organization. Though there have been advances in Intrusion Detection Systems (IDSs) over the last three decades, traditional IDSs do not specialize in anomaly identification caused by insiders. There is also a profuse amount of data being presented to cyber analysts when deciphering big data and reacting to data breach incidents using complex information systems. Information visualization is pertinent to the identification and mitigation of malicious cyber insider threats. The main goal of this study was to develop and validate, using Subject Matter Experts (SME), an executive insider threat dashboard visualization prototype. Using the developed prototype, an experimental study was conducted, which aimed to assess the perceived effectiveness in enhancing the analysts’ interface when complex data correlations are presented to mitigate malicious insider cyber threats. Dashboard-based visualization techniques could be used to give full visibility of network progress and problems in real-time, especially within complex and stressful environments. For instance, in an Emergency Room (ER), there are four main vital signs used for urgent patient triage. Cybersecurity vital signs can give cyber analysts clear focal points during high severity issues. Pilots must expeditiously reference the Heads Up Display (HUD), which presents only key indicators to make critical decisions during unwarranted deviations or an immediate threat. Current dashboard-based visualization techniques have yet to be fully validated within the field of cybersecurity. This study developed a visualization prototype based on SME input utilizing the Delphi method.
SMEs validated the perceived effectiveness of several different types of the developed visualization dashboard. Quantitative analysis of SME’s perceived effectiveness via self-reported value and satisfaction data as well as qualitative analysis of feedback provided during the experiments using the prototype developed were performed. This study identified critical cyber visualization variables and identified visualization techniques. The identifications were then used to develop QUICK.v™ a prototype to be used when mitigating potentially malicious cyber insider threats. The perceived effectiveness of QUICK.v™ was then validated. Insights from this study can aid organizations in enhancing cybersecurity dashboard visualizations by depicting only critical cybersecurity vital signs.
2

AfzaliSeresht, Neda. "Explainable Intelligence for Comprehensive Interpretation of Cybersecurity Data in Incident Management." Thesis, 2022. https://vuir.vu.edu.au/44414/.

Abstract:
On a regular basis, a variety of events take place in computer systems: program launches, firewall updates, user logins, and so on. To secure information resources, modern organisations have established security management systems. In cyber incident management, reporting and awareness-raising are critical to identifying and responding to potential threats in organisations. Security equipment operation systems record ’all’ events or actions, and major abnormalities are signalled via alerts based on rules or patterns. Investigation of these alerts is handled by specialists in the incident response team. Security professionals rely on the information in alert messages to respond appropriately. Incident response teams do not audit or trace the log files until an incident happens. Insufficient information in alert messages, and a machine-friendly rather than human-friendly format, cause cognitive overload on already limited cybersecurity human resources. As a result, only a smaller number of threat alerts are investigated by specialist staff and security holes may be left open for potential attacks. Furthermore, incident response teams have to derive the context of incidents by applying prior knowledge, communicate with the right people to understand what has happened, and initiate the appropriate actions. Insufficient information in alert messages and stakeholders’ participation raise challenges for the incident management process, which may result in late responses. In other words, cybersecurity resources are overburdened due to a lack of information in alert messages that provide an incomplete picture of a subject (incident) to assist with necessary decision making. The need to identify and track local and global sources in order to process and understand the critical elements of threat information causes cognitive overload on the company’s currently limited cybersecurity professionals.
This problem can be overcome with a fully integrated report that clarifies the subject (incident) in order to reduce overall cognitive burden. Instead of spending additional time investigating each subject of an incident, which is dependent on the person’s expertise and the amount of time he has, a detailed report of the incident can be utilised as an input for the human analyst. If cyber experts’ cognitive loads can be reduced, their response time efficiency may improve. The relationship between achieving incident management agility through contextual analytics with a comprehensive report and reducing human cognition overload is still being studied. There is currently a research gap in determining the key relationships between explainable Artificial Intelligence (AI) models and other technologies used in security management to gain insight into how explainable contextual analytics can provide distinct response capabilities. When using an explainable AI model for event modelling, research is necessary on how to improve self and shared insight about cyber data by gathering and interpreting security knowledge to reduce cognitive burden on analysts. Due to the fact that the level of cyber security expertise depends on prior knowledge or the results of a thorough report as an input, explainable intelligent models for understanding the inputs have been proposed. By enriching and interpreting security data in a comprehensive human-readable report, analysts can get a better understanding of the situation and make better decisions. Explainable intelligent models are proposed in cyber incident management by interpreting security logs and cybersecurity alerts, and include a model which can be used in fraud detection where a large number of financial transactions necessitates the involvement of a human in the analysis process.
In the cyber incident management application, a wide and diverse amount of data is digested, and a report in natural language is developed to assist cyber analysts’ understanding of the situation. The proposed model produced easy-to-read reports/stories by presenting supplementary information in a novel narrative framework to communicate the context and root cause of the alert. It has been confirmed that, when compared to baseline reports, a more comprehensive report that answers core questions about the actor (who), riskiness (what), evidence (why), mechanism (how), time (when), and location (where) supports real-time decision making by providing incident awareness. Furthermore, a common understanding of an incident and its consequences was established through a graph, resulting in Shared Situation Awareness (SSA) capability (the acquisition of cognition through collaboration with others). A knowledge graph, also known as a graph of semantic knowledge, is a data structure that represents various properties and relationships between objects. It has been widely researched and utilised in information processing and organisation. The knowledge graph depicts the various connections between the alert and relevant information from local and global knowledge bases. It interpreted knowledge in a human-readable format to enable more engagement in cyber incident management. The proposed models are also known as explainable intelligence because they can reduce the cognitive effort required to process a large amount of security data. As a result, self-awareness and shared awareness of what is happening in cybersecurity incidents have been accomplished. The analyses and survey evaluation empirically demonstrated the models’ success in reducing significant overload on expert cognition, bringing more comprehensive information about the incident, and interpreting knowledge in a human-readable format to enable greater participation in cyber incident management.
Finally, the intelligent model of the knowledge graph is provided for transaction visualisation for fraud detection, an important challenge in security research. As with the same incident management challenges, fraud detection methods need to be more transparent by explaining their results in more detail. Despite the fact that fraudulent practices are always evolving, investigating money laundering based on an explainable AI that uses graph analysis assists in the comprehension of schemes. A visual representation of the complex interactions that occur in transactions between money sender and money receiver, with explanations of human-readable aspects for easier digestion, is provided. The proposed model, which was used in transaction visualisation and fraud detection, was highly regarded by domain experts. The Digital Defense Hackathon in December 2020 demonstrated that the model is adaptable and widely applicable (received first place in the Hackathon competition).
3

Margarido, Daniel Ribeiro. "Waldo, the virtual & intelligent cyber analyst." Master's thesis, 2017. http://hdl.handle.net/10400.26/25336.

Abstract:
The goal of this internship is to develop an intelligent platform that acts as a security analyst by aggregating and correlating multiple sources and presenting them to the security operator through a web application. This goal was achieved with the implementation of a system that: applies Bayesian network computations to understand the correlation of events from several IDSs, uses approaches that can find suspicious behaviours from the analysis of the variation of these correlations, and employs case-based reasoning to compare these behaviours with others recorded previously. When the system was tested on the company's network, some suspicious behaviours were detected that would normally not be detected by the operators with their regular form of analysis. This system proved to be very important, not to replace the operators, but to support the analysis of the large amount of data they receive. At the same time, it provides a type of analysis different from that of the operators, and can detect problems that are not perceived through the normal method.
4

Wu, Chia-Wei, and 吳嘉偉. "Cyber Security Vulnerabilities Alert System Based on Information from Twitter and CVE." Thesis, 2019. http://ndltd.ncl.edu.tw/cgi-bin/gs32/gsweb.cgi/login?o=dnclcdr&s=id=%22107NCHU5394022%22.&searchmode=basic.

Abstract:
Master's thesis, National Chung Hsing University, Department of Computer Science and Engineering, 107.
Most computer system users don’t quite understand the system vulnerabilities and their threats to information security. As a result, hackers are able to exploit the vulnerabilities to attack the system. In addition, the attack methods and tools can be easily obtained through the Internet nowadays, which makes zero-day or N-day attacks much easier and faster. But anti-virus software and firewalls cannot completely prevent this kind of attack resulting from system vulnerabilities. In this thesis, we try to build a system vulnerability precaution system for computer users or system administrators by analyzing information from Twitter and Common Vulnerabilities and Exposures (CVE). The tweets from security experts and the articles released by CVE are extracted on an hourly and daily basis, respectively. Then the Convolutional Neural Network (CNN) and Bidirectional LSTM Network (Bi-LSTM) are used to train a Named Entity Recognition (NER) model to identify and tag keywords about product security, product name, version, vulnerability, attack methods, etc. The proposed system also maintains the system profiles of the systems that are being monitored. Once the tagged keywords returned by NER match one of the system profiles, the proposed system will send warning messages to the user or administrator. The experimental results show that the proposed method has better performance in extracting and tagging keywords than other methods. The experiments are performed using two word representations: Stanford GloVe and Google word2vec. In either representation, the proposed method achieves more than 95% in terms of precision, recall, and F1-measure.
5

Ghafir, Ibrahim, M. Hammoudeh, V. Prenosil, L. Han, R. Hegarty, K. Rabie, and F. J. Aparicio-Navarro. "Detection of advanced persistent threat using machine-learning correlation analysis." 2018. http://hdl.handle.net/10454/17614.

Abstract:
As one of the most serious types of cyber attack, Advanced Persistent Threats (APT) have caused major concerns on a global scale. APT refers to a persistent, multi-stage attack with the intention to compromise the system and gain information from the targeted system, which has the potential to cause significant damage and substantial financial loss. The accurate detection and prediction of APT is an ongoing challenge. This work proposes a novel machine learning-based system entitled MLAPT, which can accurately and rapidly detect and predict APT attacks in a systematic way. The MLAPT runs through three main phases: (1) Threat detection, in which eight methods have been developed to detect different techniques used during the various APT steps. The implementation and validation of these methods with real traffic is a significant contribution to the current body of research; (2) Alert correlation, in which a correlation framework is designed to link the outputs of the detection methods, aims to identify alerts that could be related and belong to a single APT scenario; and (3) Attack prediction, in which a machine learning-based prediction module is proposed based on the correlation framework output, to be used by the network security team to determine the probability of the early alerts to develop a complete APT attack. MLAPT is experimentally evaluated and the presented system is able to predict APT in its early steps with a prediction accuracy of 84.8%.

Books on the topic "Cyber alerts":

1

Cyber Alert. Chichester: Vision Paperbacks, 2006.

2

Streeter, Michael, and Peter Warren. Cyber Alert: How the World Is Under Attack from a New Form of Crime. Vision, 2005.


Book chapters on the topic "Cyber alerts":

1

Burkart, Nadia, Maximilian Franz, and Marco F. Huber. "Explanation Framework for Intrusion Detection." In Machine Learning for Cyber Physical Systems, 83–91. Berlin, Heidelberg: Springer Berlin Heidelberg, 2020. http://dx.doi.org/10.1007/978-3-662-62746-4_9.

Abstract:
Machine learning and deep learning are widely used in various applications to assist or even replace human reasoning. For instance, a machine learning based intrusion detection system (IDS) monitors a network for malicious activity or specific policy violations. We propose that IDSs should attach a sufficiently understandable report to each alert to allow the operator to review them more efficiently. This work aims at complementing an IDS by means of a framework to create explanations. The explanations support the human operator in understanding alerts and reveal potential false positives. The focus lies on counterfactual instances and explanations based on locally faithful decision-boundaries.
2

Wurzenberger, Markus, Max Landauer, Agron Bajraktari, and Florian Skopik. "Automatic Attack Pattern Mining for Generating Actionable CTI Applying Alert Aggregation." In Cybersecurity of Digital Service Chains, 136–61. Cham: Springer International Publishing, 2022. http://dx.doi.org/10.1007/978-3-031-04036-8_7.

Abstract:
Intrusion Detection Systems (IDSs) monitor all kinds of IT infrastructures to automatically detect malicious activities related to cyber attacks. Unfortunately, especially anomaly-based IDSs are known to produce large numbers of alerts, including false positives, that often become overwhelming for manual analysis. However, due to a fast-changing threat landscape, quickly evolving attack techniques, and an ever-growing number of vulnerabilities, novel anomaly detection systems that enable detection of unknown attacks are indispensable. Therefore, to reduce the number of alerts that have to be reviewed by security analysts, aggregation methods have been developed for filtering, grouping, and correlating alerts. Yet, existing techniques either rely on manually defined attack scenarios or require specific alert formats, such as IDMEF, that include IP addresses. This makes the application of existing aggregation methods infeasible for alerts from host-based or anomaly-based IDSs that frequently lack such network-related data. In this chapter, we present a domain-independent alert aggregation technique that enables automatic attack pattern mining and generation of actionable CTI. The chapter describes the concept of the proposed alert aggregation process as well as a dashboard that enables visualization and filtering of the results. Finally, the chapter demonstrates all features in the course of an application example.
3

Cheng, Xiang, Jiale Zhang, and Bing Chen. "Correlate the Advanced Persistent Threat Alerts and Logs for Cyber Situation Comprehension." In Communications in Computer and Information Science, 123–38. Singapore: Springer Singapore, 2019. http://dx.doi.org/10.1007/978-981-15-0758-8_10.

4

Bahaa-Eldin, Ayman M. "A Bio-inspired Comprehensive Distributed Correlation Approach for Intrusion Detection Alerts and Events." In Bio-inspiring Cyber Security and Cloud Services: Trends and Innovations, 3–38. Berlin, Heidelberg: Springer Berlin Heidelberg, 2014. http://dx.doi.org/10.1007/978-3-662-43616-5_1.

5

Dunstatter, Noah, Alireza Tahsini, Mina Guirguis, and Jelena Tešić. "Solving Cyber Alert Allocation Markov Games with Deep Reinforcement Learning." In Lecture Notes in Computer Science, 164–83. Cham: Springer International Publishing, 2019. http://dx.doi.org/10.1007/978-3-030-32430-8_11.

6

Leeuw, H. B. M. "Using Big Data to Study Digital Piracy and the Copyright Alert System." In Cyber Society, Big Data, and Evaluation, 97–116. New Brunswick: Transaction Publishers; Routledge, 2017. http://dx.doi.org/10.4324/9780203793909-6.

7

Ganesan, Rajesh, Ankit Shah, Sushil Jajodia, and Hasan Cam. "Optimizing Alert Data Management Processes at a Cyber Security Operations Center." In Adversarial and Uncertain Reasoning for Adaptive Cyber Defense, 206–31. Cham: Springer International Publishing, 2019. http://dx.doi.org/10.1007/978-3-030-30719-6_9.

8

Ganesan, Rajesh, and Ankit Shah. "A Strategy for Effective Alert Analysis at a Cyber Security Operations Center." In Lecture Notes in Computer Science, 206–26. Cham: Springer International Publishing, 2018. http://dx.doi.org/10.1007/978-3-030-04834-1_11.

9

Funke, Gregory, Gregory Dye, Brett Borghetti, Vincent Mancuso, Eric Greenlee, Brent Miller, Lauren Menke, Rebecca Brown, and Alex Vieane. "Development and Validation of the Air Force Cyber Intruder Alert Testbed (CIAT)." In Advances in Intelligent Systems and Computing, 363–76. Cham: Springer International Publishing, 2016. http://dx.doi.org/10.1007/978-3-319-41932-9_30.

10

Riebe, Thea, Tristan Wirth, Markus Bayer, Philipp Kühn, Marc-André Kaufhold, Volker Knauthe, Stefan Guthe, and Christian Reuter. "CySecAlert: An Alert Generation System for Cyber Security Events Using Open Source Intelligence Data." In Information and Communications Security, 429–46. Cham: Springer International Publishing, 2021. http://dx.doi.org/10.1007/978-3-030-86890-1_24.


Conference papers on the topic "Cyber alerts":

1

Wu, Mingtao, and Young B. Moon. "Intrusion Detection of Cyber-Physical Attacks in Manufacturing Systems: A Review." In ASME 2019 International Mechanical Engineering Congress and Exposition. American Society of Mechanical Engineers, 2019. http://dx.doi.org/10.1115/imece2019-10135.

Abstract:
Cyber-physical manufacturing system is the vision of future manufacturing systems where physical components are fully integrated through various networks and the Internet. The integration enables access to computation resources that can improve efficiency, sustainability and cost-effectiveness. However, its openness and connectivity also enlarge the attack surface for cyber-attacks and cyber-physical attacks. A critical challenge in defending against those attacks is that current intrusion detection methods cannot detect cyber-physical attacks in a timely manner. Studies showed that physical detection provides higher accuracy and a shorter response time compared to network-based or host-based intrusion detection systems. Moreover, alert correlation and management methods help reduce the number of alerts and identify the root cause of the attack. In this paper, the intrusion detection research relevant to cyber-physical manufacturing security is reviewed. The physical detection methods — using side-channel data, including acoustic, image, acceleration, and power consumption data to disclose attacks during the manufacturing process — are analyzed. Finally, the alert correlation methods — that manage the high volume of alerts generated from intrusion detection systems via logical relationships to reduce data redundancy and false alarms — are reviewed. The study shows that cyber-physical attacks are an existing and rising concern in industry. Also, the increasing efforts in cyber-physical intrusion detection and correlation research can be utilized to secure future manufacturing systems.
2

Schlenker, Aaron, Haifeng Xu, Mina Guirguis, Christopher Kiekintveld, Arunesh Sinha, Milind Tambe, Solomon Sonya, Darryl Balderas, and Noah Dunstatter. "Don't Bury your Head in Warnings: A Game-Theoretic Approach for Intelligent Allocation of Cyber-security Alerts." In Twenty-Sixth International Joint Conference on Artificial Intelligence. California: International Joint Conferences on Artificial Intelligence Organization, 2017. http://dx.doi.org/10.24963/ijcai.2017/54.

Abstract:
In recent years, there have been a number of successful cyber attacks on enterprise networks by malicious actors which have caused severe damage. These networks have Intrusion Detection and Prevention Systems in place to protect them, but they are notorious for producing a high volume of alerts. These alerts must be investigated by cyber analysts to determine whether they are an attack or benign. Unfortunately, there are orders of magnitude more alerts generated than there are cyber analysts to investigate them. This trend is expected to continue into the future, creating a need for tools which find optimal assignments of the incoming alerts to analysts in the presence of a strategic adversary. We address this challenge with the following four contributions: (1) a cyber screening game (CSG) model for the cyber network protection domain, (2) an NP-hardness proof for computing the optimal strategy for the defender, (3) an algorithm that finds the optimal allocation of experts to alerts in the CSG, and (4) heuristic improvements for computing allocations in CSGs that accomplish significant scale-up, which we show empirically to closely match the solution quality of the optimal algorithm.
3

Brosset, David, Camille Cavelier, Benjamin Coste, Yvon Kermarrec, Joffrey Lartigaud, and Pedro Merino Laso. "Cr@ck3n: A cyber alerts visualization object." In 2017 International Conference on Cyber-Situational Awareness, Data Analytics and Assessment (Cyber SA). IEEE, 2017. http://dx.doi.org/10.1109/cybersa.2017.8073401.

4

Dunstatter, Noah, Mina Guirguis, and Alireza Tahsini. "Allocating Security Analysts to Cyber Alerts Using Markov Games." In 2018 National Cyber Summit (NCS). IEEE, 2018. http://dx.doi.org/10.1109/ncs.2018.00008.

5

Cappers, Bram C. M., and Jarke J. van Wijk. "Understanding the context of network traffic alerts." In 2016 IEEE Symposium on Visualization for Cyber Security (VizSec). IEEE, 2016. http://dx.doi.org/10.1109/vizsec.2016.7739579.

6

Kidmose, Egon, Matija Stevanovic, and Jens Myrup Pedersen. "Correlating intrusion detection alerts on bot malware infections using neural network." In 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security). IEEE, 2016. http://dx.doi.org/10.1109/cybersecpods.2016.7502344.

7

AfzaliSeresht, Neda, Yuan Miao, Qing Liu, Assefa Teshome, and Wenjie Ye. "Investigating cyber alerts with graph-based analytics and narrative visualization." In 2020 24th International Conference Information Visualisation (IV). IEEE, 2020. http://dx.doi.org/10.1109/iv51561.2020.00090.

8

Vaarandi, Risto. "A Stream Clustering Algorithm for Classifying Network IDS Alerts." In 2021 IEEE International Conference on Cyber Security and Resilience (CSR). IEEE, 2021. http://dx.doi.org/10.1109/csr51186.2021.9527926.

9

Moskal, Stephen, Shanchieh Jay Yang, and Michael E. Kuhl. "Extracting and Evaluating Similar and Unique Cyber Attack Strategies from Intrusion Alerts." In 2018 IEEE International Conference on Intelligence and Security Informatics (ISI). IEEE, 2018. http://dx.doi.org/10.1109/isi.2018.8587402.

10

Cam, Hasan, and Pierre Mouallem. "Risk-driven aggregation and transmission prioritization of cyber alerts over mobile networks." In 2014 International Conference on Computing, Networking and Communications (ICNC). IEEE, 2014. http://dx.doi.org/10.1109/iccnc.2014.6785305.

