A Simulation Based SIEM Framework to Attribute and Predict Attacks

Authors

  • Jacopo Lipilini
  • Fabrizio Baiardi
Abstract

We present a Security Information and Event Management (SIEM) framework to correlate, attribute and predict attacks against an ICT system. The output of the assessment of ICT risk, which exploits multiple simulations of attacks against the system, drives the building of a SIEM database. This database enables the SIEM to correlate sequences of detected attacks, to probabilistically attribute and predict attacks, and to discover 0-day vulnerabilities. After describing the framework and its prototype implementation, we discuss the experimental results on the main SIEM capabilities.


Similar sources

DoS-Resistant Attribute-Based Encryption in Mobile Cloud Computing with Revocation

Security and privacy are very important challenges for outsourced private data over cloud storages. By taking Attribute-Based Encryption (ABE) for Access Control (AC) purpose we use fine-grained AC over cloud storage. In this paper, we extend previous Ciphertext Policy ABE (CP-ABE) schemes especially for mobile and resource-constrained devices in a cloud computing environment in two aspects, a ...


A Framework for Optimal Attribute Evaluation and Selection in Hesitant Fuzzy Environment Based on Enhanced Ordered Weighted Entropy Approach for Medical Dataset

Background: In this paper, a generic hesitant fuzzy set (HFS) model for clustering various ECG beats according to weights of attributes is proposed. A comprehensive review of the electrocardiogram signal classification and segmentation methodologies indicates that algorithms which are able to effectively handle the nonstationary and uncertainty of the signals should be used for ECG analysis. Ex...


Intrusion Detection in IOT based Networks Using Double Discriminant Analysis

Intrusion detection is one of the main challenges in wireless systems especially in Internet of things (IOT) based networks. There are various attack types such as probe, denial of service, remote to local and user to root. In addition to known attacks and malicious behaviors, there are various unknown attacks that some of them have similar behavior with respect to each other or mimic the norma...


A Comparative Study of Multi-Attribute Continuous Double Auction Mechanisms

Auctions have been as a competitive method of buying and selling valuable or rare items for a long time. Single-sided auctions in which participants negotiate on a single attribute (e.g. price) are very popular. Double auctions and negotiation on multiple attributes create more advantages compared to single-sided and single-attribute auctions. Nonetheless, this adds the complexity of the auctio...


A Lightweight Intrusion Detection System Based on Specifications to Improve Security in Wireless Sensor Networks

Due to the prevalence of Wireless Sensor Networks (WSNs) in the many mission-critical applications such as military areas, security has been considered as one of the essential parameters in Quality of Service (QoS), and Intrusion Detection System (IDS) is considered as a fundamental requirement for security in these networks. This paper presents a lightweight Intrusion Detection System to prote...



Journal title:

Volume / Issue:

Pages: -

Publication date: 2015