Evidence Identification in Heterogeneous Data Using Clustering

Mohammed, Hussam J.; Clarke, Nathan; Li, Fudong

doi:10.1145/3230833.3233271

Cited by 5 publications

(1 citation statement)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They realized that despite the inherent complex structure and high computational cost, hybrid classifiers can contribute to improving accuracy. Mohammed et al [321] proposed a clustering approach based on Fuzzy C-Means (FCM) and K-means algorithms to identify the evidential files and isolate the non-related files based on their metadata. Makanju et al [322] took advantage of an integrated signature-based and anomaly-based approach to propose a framework based on frequent patterns.…”

Section: E Anomaly Detection From Log Data Sourcesmentioning

confidence: 99%

A Survey on Forensics and Compliance Auditing for Critical Infrastructure Protection

Henriques,

Caldeira,

Cruz

et al. 2024

IEEE Access

View full text Add to dashboard Cite

The broadening dependency and reliance that modern societies have on essential services provided by Critical Infrastructures is increasing the relevance of their trustworthiness. However, Critical Infrastructures are attractive targets for cyberattacks, due to the potential for considerable impact, not just at the economic level but also in terms of physical damage and even loss of human life. Complementing traditional security mechanisms, forensics and compliance audit processes play an important role in ensuring Critical Infrastructure trustworthiness. Compliance auditing contributes to checking if security measures are in place and compliant with standards and internal policies. Forensics assist the investigation of past security incidents. Since these two areas significantly overlap, in terms of data sources, tools and techniques, they can be merged into unified Forensics and Compliance Auditing (FCA) frameworks. In this paper, we survey the latest developments, methodologies, challenges, and solutions addressing forensics and compliance auditing in the scope of Critical Infrastructure Protection. This survey focuses on relevant contributions, capable of tackling the requirements imposed by massively distributed and complex Industrial Automation and Control Systems, in terms of handling large volumes of heterogeneous data (that can be noisy, ambiguous, and redundant) for analytic purposes, with adequate performance and reliability. The achieved results produced a taxonomy in the field of FCA whose key categories denote the relevant topics in the literature. Also, the collected knowledge resulted in the establishment of a reference FCA architecture, proposed as a generic template for a converged platform. These results are intended to guide future research on forensics and compliance auditing for Critical Infrastructure Protection.

show abstract

Section: E Anomaly Detection From Log Data Sourcesmentioning

confidence: 99%