Security event correlation approaches are necessary to detect and predict incremental threats such as multi-step or targeted attacks (advanced persistent threats) and other causal sequences of abnormal events. The use of security event correlation techniques also makes it possible to reduce the volume of the original data stream by grouping the events and eliminating their redundancy. The variety of event correlation methods, in turn, requires choosing the most appropriate way to handle security events, depending on the purpose and available resources. This paper presents a systematization of security event correlation methods into several categories, such as publication year, applied correlation methods, knowledge extraction methods, used data sources, architectural solutions, and quality evaluation of correlation methods. The research method is a systematic literature review, which includes the formulation of research questions and the choice of keywords and criteria for inclusion and exclusion. The review corpus is formed by using search queries in Google Scholar, IEEE Xplore, ACM Digital Library, and ScienceDirect, together with selection criteria. The final review corpus includes 127 publications from the existing literature for 2010-2021 and reflects the current state of research in the security event correlation field. The results of the analysis include the main directions of research in the field of event correlation and the methods used for correlating both single events and their sequences in attack scenarios. The review also describes the datasets and metrics used to evaluate security event correlation approaches. In conclusion, the existing problems and possible ways to overcome them are identified.
The main contribution of the review is the most complete classification and comparison of existing approaches to security event correlation, considered not only from the point of view of the algorithm, but also from the possibility of unknown attack detection, architectural solutions, and the use of initial event data.
This article provides a tutorial for developing a simple machine learning application in Python. More specifically, the paper considers daily activity recognition using the sensors of a smartphone. For development, we used TensorFlow, scikit-learn, NumPy, Pandas, and Matplotlib. The paper explains in detail the main steps of the application development, including data collection and pre-processing, design of the neural network, the learning process, and use of the trained model. The overall accuracy of the developed application when recognizing the activity is about 95%. This paper can be useful for students and specialists who want to start working on machine learning.
The article presents a methodology for monitoring and diagnosing local incidents with the potential for protest activity, which consists of four main steps and five related modules. The method differs from its analogues in that it takes into account the textual features of the network strategies of communication participants, hierarchical relationships between information objects, and attributes of audience activity in social networks. At the same time, the technique provides diagnostics of a local incident and detection of the beginning of its artificial mediatization. The article also demonstrates the results of experimental studies.
The article presents a methodology for developing an Intrusion Detection Assessment Module based on CICIDS17 data. The article presents the numerical results of the designed module, as well as indicators of its performance. The CICIDS17 data-driven attack analyzer series of articles fills the gap in using the original dataset to develop an efficient machine learning engine for identifying information security events.
At present, attacks on computer networks continue to develop at a speed that outstrips the ability of information security specialists to create new attack signatures. This article illustrates an approach to preprocessing raw data and visualizing information security events in a live dataset. It is shown how preprocessing and primary knowledge extraction, which prepare the processed dataset for further use in machine learning models, can be applied in the design of machine learning models for intrusion detection systems. A distinctive feature of the work is that the most relevant set, CICIDS17, was taken as the studied dataset, whereas sets such as DARPA2000 and KDD-99, which are more than 20 years old, are traditionally considered popular. The article also describes the criteria and characteristics that the set has.