A Hierarchical Security Event Correlation Model for Real-Time Threat Detection and Response

Maosa, Herbert; Ouazzane, Karim; Ghanem, Mohamed Chahine

doi:10.3390/network4010004

Cited by 2 publications

(1 citation statement)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many of these security devices use separate log-collection and analysis servers to detect cyberattacks, gather logs from target nodes, and collect events from network security devices for abnormal detection [1,2]. An abnormal detection event is considered a potential threat and processed as a DROP policy object to prevent attack attempts when it exceeds a predetermined threshold [3]. Tightening these thresholds enhances security and increases the firewall load [4].…”

Section: Introductionmentioning

confidence: 99%

AI-Based Approach to Firewall Rule Refinement on High-Performance Computing Service Network

Lee,

Hong,

Lee

2024

Applied Sciences

View full text Add to dashboard Cite

High-performance computing (HPC) relies heavily on network security, particularly when supercomputing services are provided via public networks. As supercomputer operators, we introduced several security devices, such as anti-DDoS, intrusion prevention systems (IPSs), firewalls, and web application firewalls, to ensure the secure use of supercomputing resources. Potential threats are identified based on predefined security policies and added to the firewall rules for access control after detecting abnormal behavior through anti-DDoS, IPS, and system access logs. After analyzing the status change patterns for rule policies added owing to human errors among these added firewall log events, 289,320 data points were extracted over a period of four years. Security experts and operators must go through a strict verification process to rectify policies that were added incorrectly owing to human error, which adds to their workload. To address this challenge, our research applies various machine- and deep-learning algorithms to autonomously determine the normalcy of detection without requiring administrative intervention. Machine-learning algorithms, including naïve Bayes, K-nearest neighbor (KNN), OneR, a decision tree called J48, support vector machine (SVM), logistic regression, and the implemented neural network (NN) model with the cross-entropy loss function, were tested. The results indicate that the KNN and NN models exhibited an accuracy of 97%. Additional training and feature refinement led to even better improvements, increasing the accuracy to 98%, a 1% increase. By leveraging the capabilities of machine-learning and deep-learning technologies, we have provided the basis for a more robust, efficient, and autonomous network security infrastructure for supercomputing services.

show abstract

Section: Introductionmentioning

confidence: 99%

AI-Based Approach to Firewall Rule Refinement on High-Performance Computing Service Network

Lee,

Hong,

Lee

2024

Applied Sciences

View full text Add to dashboard Cite

show abstract

Securing tomorrow: a comprehensive survey on the synergy of Artificial Intelligence and information security

Hashmi,

Yamin,

Yayilgan

2024

AI Ethics

View full text Add to dashboard Cite

This survey paper explores the transformative role of Artificial Intelligence (AI) in information security. Traditional methods, especially rule-based approaches, faced significant challenges in protecting sensitive data from ever-changing cyber threats, particularly with the rapid increase in data volume. This study thoroughly evaluates AI’s application in information security, discussing its strengths and weaknesses. It provides a detailed review of AI’s impact on information security, examining various AI algorithms used in this field, such as supervised, unsupervised, and reinforcement learning, and highlighting their respective strengths and limitations. The study identifies key areas for future AI research in information security, focusing on improving algorithms, strengthening information security, addressing ethical issues, and exploring safety and security-related concerns. It emphasizes significant security risks, including vulnerability to adversarial attacks, and aims to enhance the robustness and reliability of AI systems in protecting sensitive information by proposing solutions for potential threats. The findings aim to benefit cybersecurity professionals and researchers by offering insights into the intricate relationship between AI, information security, and emerging technologies.

show abstract

A Hierarchical Security Event Correlation Model for Real-Time Threat Detection and Response

Cited by 2 publications

References 39 publications

AI-Based Approach to Firewall Rule Refinement on High-Performance Computing Service Network

AI-Based Approach to Firewall Rule Refinement on High-Performance Computing Service Network

Securing tomorrow: a comprehensive survey on the synergy of Artificial Intelligence and information security

Contact Info

Product

Resources

About