OwlSight: Platform for Real-Time Detection and Visualization of Cyber Threats

Carvalho, Vasco Samuel; Polidoro, Maria Joao; Magalhaes, Joao Paulo

doi:10.1109/bigdatasecurity-hpsc-ids.2016.73

Cited by 11 publications

(12 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In our review, we observed that quite a large number of countermeasures are either not evaluated at all ( [23], [40], [45] , [48] , [49] , [62] , [75] , [88] , [91] , [67] , [92] , [105] , [110], [111], [114], [137], [141], [154], , [160], [174], , [175]) or evaluated weakly ( [60], [70], [100], [109], [132], [138], [147], [158], [161], [165], [171]). We consider an evaluation as weak evaluation when the system is evaluated with a small dataset (e.g.…”

Section: Discussionmentioning

confidence: 99%

“…Carvalho et al [160] present an approach for real-time detection of attacks on an organization's network based on analysing a large amount of malware data gathered from various resources on daily basis. The proposed system, OwlSight, works in seven steps; (1) OwlSights collects malware data from both external (Social media data) and internal sources (organizational network flow and logs) (2) Gathered data is brought into a single format (3) Data is clustered into events based on similarity (4) Duplicate copies are removed (5) Data is enriched by analysing it for locations, numbers, names, and URLs (6) Data for each event is stored in a separate database (Email DB, and Social media DB) (7) Big data analysis engine is used to analyse these databases and show real-time alerts to the security administrators of an organization.…”

Section: Network + Host-based Anomaly Detectionmentioning

confidence: 99%

“…Malware attack, SQL Injection attack, Phishing attack Rajamenakshi & Padmavathi [159] In use/in transit A framework for gathering and analysing data from network and host resources for detecting data exfiltration DNS attack, SYN flooding, and port scanning Carvalho et al [160] In use/in transit Framework for gathering network and host data and analysing it for detecting data exfiltration.…”

Section: Malware Attacksmentioning

confidence: 99%

See 2 more Smart Citations

Data exfiltration: A review of external attack vectors and countermeasures

Ullah

Edwards

Ramdhany

et al. 2018

Journal of Network and Computer Applications

103

View full text Add to dashboard Cite

Context: One of the main targets of cyber-attacks is data exfiltration, which is the leakage of sensitive or private data to an unauthorized entity. Data exfiltration can be perpetrated by an outsider or an insider of an organization. Given the increasing number of data exfiltration incidents, a large number of data exfiltration countermeasures have been developed. These countermeasures aim to detect, prevent, or investigate exfiltration of sensitive or private data. With the growing interest in data exfiltration, it is important to review data exfiltration attack vectors and countermeasures to support future research in this field. Objective: This paper is aimed at identifying and critically analysing data exfiltration attack vectors and countermeasures for reporting the status of the art and determining gaps for future research. Method: We have followed a structured process for selecting 108 papers from seven publication databases. Thematic analysis method has been applied to analyse the extracted data from the reviewed papers. Results: We have developed a classification of (1) data exfiltration attack vectors used by external attackers and (2) the countermeasures in the face of external attacks. We have mapped the countermeasures to attack vectors. Furthermore, we have explored the applicability of various countermeasures for different states of data (i.e., in use, in transit, or at rest). Conclusion: This review has revealed that (a) most of the state of the art is focussed on preventive and detective countermeasures and significant research is required on developing investigative countermeasures that are equally important; (b) Several data exfiltration countermeasures are not able to respond in real-time, which specifies that research efforts need to be invested to enable them to respond in real-time (c) A number of data exfiltration countermeasures do not take privacy and ethical concerns into consideration, which may become an obstacle in their full adoption (d) Existing research is primarily focussed on protecting data in 'in use' state, therefore, future research needs to be directed towards securing data in 'in rest' and 'in transit' states (e) There is no standard or framework for evaluation of data exfiltration countermeasures. We assert the need for developing such an evaluation framework.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Network + Host-based Anomaly Detectionmentioning

confidence: 99%

Section: Malware Attacksmentioning

confidence: 99%

See 1 more Smart Citation

Data exfiltration: A review of external attack vectors and countermeasures

Ullah

Edwards

Ramdhany

et al. 2018

Journal of Network and Computer Applications

103

View full text Add to dashboard Cite

show abstract

“…OwlSight [9] birden fazla istihbarat kaynağından büyük hacimde veri toplayıp bunları analiz eden bir sistemdir. Günlük 107'den fazla kötü amaçlı yazılımın ne zaman ortaya çıktığını, ne kadar yayıldığını, ait olduğu aile sınıfını ortaya çıkartan ve bu verileri görselleştirerek düşük yanlış alarm sayısına sahip gerçek zamanlı bir uyarı sistemi oluşturmaktadır.…”

Section: İlgi̇li̇ çAlişmalarunclassified

Cyber Security Model Based on Open Source Intelligence via Twitter Tweets

Ekşim

Civelek

2019

Düzce Üniversitesi Bilim Ve Teknoloji Dergisi

View full text Add to dashboard Cite

Açık kaynak istihbaratı (Open Source Intelligence, OSINT), kamuya açık bilgilerin sistematik olarak toplanması, işlenmesi ve analiz edilmesi sonucu elde edilen bilgiden istihbarat üretme disiplinidir. Açık kaynak istihbaratı çıkarmak stratejik bir zekâ olarak görülmektedir. Siber saldırılar için açık kaynak istihbaratı çıkarmak, saldırıların önlenmesi için yeni bir zekâ seviyesi oluşturacaktır. Sosyal medya, istihbarat için hızlı ve etkili bir kaynak oluşturmaktadır. Yapılan araştırmalar sıfırıncı gün (zero-day) atakların, saldırı gerçekleşmeden ya da henüz çok yayılmadan sosyal medya üzerinden tespit edilebildiğini göstermektedir. Bu nedenle OSINT tabanlı saldırı önleme sistemlerinin, siber ataklara karşı etkili bir önleme sağlayacağı düşünülmektedir. Bu çalışmada OSINT tabanlı saldırı tespit çalışmaları ile ilgili literatür taraması yapılmış aynı zamanda sosyal medya üzerinden saldırı istihbaratı sağlandığı anda devreye giren yarı-otomatik OSINT tabanlı saldırı önleme modeli önerilmiştir. Bu model, tweetler içerisinden istihbarat dataların çıkartılabildiği durumunda (BlackIP, virüs imzası vb.) sisteme otomatik eklenmesini, çıkartılamadığı durumlarda saldırıyı analiz edecek uzmana en kısa sürede maksimum bilgi sağlayacak şekilde oluşturulmuştur.

show abstract

“…A cyber threat platform for real-time detection and visualization of cyber threats OwlSight is presented in [2]. The platform is composed by several building blocks and it is able to collect huge amounts of data from multiple sources, prepare and analyze the data and present the findings through a set of insightful dashboards.…”

Section: Introductionmentioning

confidence: 99%

Security event data collection and analysis in large corporate networks

Чернова¹,

Polezhaev

Shukhman

et al. 2019

Proceedings of the v International Conference Information Technology and Nanotechnology 2019

View full text Add to dashboard Cite

Every year computer networks become more complex, which directly affects the provision of a high level of information security. Different commercial services, critical systems, and information resources prevailing in such networks are profitable targets for terrorists, cyber-spies, and criminals. The consequences range from the theft of strategic, highly valued intellectual property and direct financial losses to significant damages to a brand and customer trust. Attackers have the advantage in complex computer networks – it is easier to hide their tracks. The detection and identification of security incidents are the most important and difficult tasks. It is required to detect security incidents as soon as possible, to analyze and respond to them correctly, so as not to complicate the work of the enterprise computer network. The difficulty is that different event sources offer different data formats or can duplicate events. In addition, some events do not indicate any problems on their own, but their sequence may indicate the presence of a security incident. All collection processes of security events must be performed in real-time, which means streaming data processing.

show abstract

OwlSight: Platform for Real-Time Detection and Visualization of Cyber Threats

Cited by 11 publications

References 7 publications

Data exfiltration: A review of external attack vectors and countermeasures

Data exfiltration: A review of external attack vectors and countermeasures

Cyber Security Model Based on Open Source Intelligence via Twitter Tweets

Security event data collection and analysis in large corporate networks

Contact Info

Product

Resources

About