Performance Evaluation of Open-Source Endpoint Detection and Response Combining Google Rapid Response and Osquery for Threat Detection

Park, So‐Hyun; Yun, Sun-Woo; Jeon, So-Eun; Park, Na-Eun; Shim, Hye-Yeon; Lee, Yu-Rim; Lee, Sun-Jin; Park, Tae-Rim; Shin, Nayeon; Kang, Minjin; Lee, Il-Gu

doi:10.1109/access.2022.3152574

Cited by 13 publications

(9 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…By applying security approaches and weakness filtering, the plant could distinguish and fix weaknesses quickly. This proactive methodology guaranteed the proceeded with activity of basic hardware and kept expected disturbances from cyberattacks [5]. 4.…”

Section: Case Studies and Use Casesmentioning

confidence: 99%

Comprehensive Analysis of Endpoint Security Strategies, Technologies and Challenges

2023

IRJMETS

View full text Add to dashboard Cite

The escalating frequency of data breaches, often attributed to endpoint vulnerabilities, has propelled enterprises to reevaluate their security strategies. Notably, mobile devices have emerged as a primary source of data leaks. Traditional approaches such as employee training have proven inadequate, exacerbated by the proliferation of third-party cloud services, which challenge data protection. In response, the endpoint security market has flourished, offering solutions for safeguarding these endpoints. Our study delves into methods and technologies for endpoint security, contrasting traditional Endpoint Protection Platforms (EPP) with emerging Endpoint Detection and Response (EDR) systems. An in-depth evaluation of their mechanisms and effectiveness is presented, emphasizing the attributes of effective protection software. Furthermore, our review seeks to aid organizations, both small and large, in comprehending the evolving landscape of insider threats in dynamic cyberspace. This understanding can empower companies to exercise enhanced control over endpoint security, mitigating the risk of future data breaches. Negligent users are also enlightened about the gravity of online privacy while connected to corporate networks. By attempting to predict the future of protection products, this paper contributes to the broader research on endpoint detection, protection, and related areas.

show abstract

Section: Case Studies and Use Casesmentioning

confidence: 99%

Comprehensive Analysis of Endpoint Security Strategies, Technologies and Challenges

2023

IRJMETS

View full text Add to dashboard Cite

show abstract

“…The real-world environment is not considered. Park et al [18] An open-source EDR system combining GRR and osquery is evaluated for threat detection, and incident detection experiments are conducted.…”

Section: Related Workmentioning

confidence: 99%

“…Park et al [18] integrated open-source security frameworks combining GRR and osquery to expand detection coverage. The APT coverage for the proposed EDR system was analyzed using MITRE's adversarial tactics, techniques, and common knowledge model.…”

Section: Detection Of Cyberattacks By Using Threat Detectorsmentioning

confidence: 99%

An Effective Threat Detection Framework for Advanced Persistent Cyberattacks

Jeon¹,

Lee²,

Lee³

et al. 2023

Computers, Materials &Amp; Continua

Self Cite

View full text Add to dashboard Cite

Recently, with the normalization of non-face-to-face online environments in response to the COVID-19 pandemic, the possibility of cyberattacks through endpoints has increased. Numerous endpoint devices are managed meticulously to prevent cyberattacks and ensure timely responses to potential security threats. In particular, because telecommuting, telemedicine, and teleeducation are implemented in uncontrolled environments, attackers typically target vulnerable endpoints to acquire administrator rights or steal authentication information, and reports of endpoint attacks have been increasing considerably. Advanced persistent threats (APTs) using various novel variant malicious codes are a form of a sophisticated attack. However, conventional commercial antivirus and anti-malware systems that use signature-based attack detection methods cannot satisfactorily respond to such attacks. In this paper, we propose a method that expands the detection coverage in APT attack environments. In this model, an open-source threat detector and log collector are used synergistically to improve threat detection performance. Extending the scope of attack log collection through interworking between highly accessible open-source tools can efficiently increase the detection coverage of tactics and techniques used to deal with APT attacks, as defined by MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK). We implemented an attack environment using an APT attack scenario emulator called Carbanak and analyzed the detection coverage of Google Rapid Response (GRR), an open-source threat detection tool, and Graylog, an open-source log collector. The proposed method expanded the detection coverage against MITRE ATT&CK by approximately 11% compared with that conventional methods.

show abstract

“…Attack detection and coverage analysis were feasible during all APT attack stages. [137] Semi-supervised Learning and Complex Networks Characteristics Identifies a susceptible host from a network of hosts suspected of participating in APT activities. [138] Clustering Algorithms Uses suitable clustering approaches such as APRIORI, K-means, and Hunt's algorithm to identify sophisticated APTs.…”

Section: Pc Graph2vec Algorithm and Deep Learningmentioning

confidence: 99%

“…A revolutionary framework for state-based detection was introduced, through which each process and file is represented as a well-designed data structure for real-time, long-term detection. For the first time, a study of open-source EDR enabled attack detection and coverage analysis for all APT attack phases, as defined by MITRE ATT&CK [137].…”

Section: Mitre Frameworkmentioning

confidence: 99%

A Systematic Literature Review and a Conceptual Framework Proposition for Advanced Persistent Threats (APT) Detection for Mobile Devices Using Artificial Intelligence Techniques

2023

View full text Add to dashboard Cite

Advanced persistent threat (APT) refers to a specific form of targeted attack used by a well-organized and skilled adversary to remain undetected while systematically and continuously exfiltrating sensitive data. Various APT attack vectors exist, including social engineering techniques such as spear phishing, watering holes, SQL injection, and application repackaging. Various sensors and services are essential for a smartphone to assist in user behavior that involves sensitive information. Resultantly, smartphones have become the main target of APT attacks. Due to the vulnerability of smartphone sensors, several challenges have emerged, including the inadequacy of current methods for detecting APTs. Nevertheless, several existing APT solutions, strategies, and implementations have failed to provide comprehensive solutions. Detecting APT attacks remains challenging due to the lack of attention given to human behavioral factors contributing to APTs, the ambiguity of APT attack trails, and the absence of a clear attack fingerprint. In addition, there is a lack of studies using game theory or fuzzy logic as an artificial intelligence (AI) strategy for detecting APT attacks on smartphone sensors, besides the limited understanding of the attack that may be employed due to the complex nature of APT attacks. Accordingly, this study aimed to deliver a systematic review to report on the extant research concerning APT detection for mobile sensors, applications, and user behavior. The study presents an overview of works performed between 2012 and 2023. In total, 1351 papers were reviewed during the primary search. Subsequently, these papers were processed according to their titles, abstracts, and contents. The resulting papers were selected to address the research questions. A conceptual framework is proposed to incorporate the situational awareness model in line with adopting game theory as an AI technique used to generate APT-based tactics, techniques, and procedures (TTPs) and normal TTPs and cognitive decision making. This framework enhances security awareness and facilitates the detection of APT attacks on smartphone sensors, applications, and user behavior. It supports researchers in exploring the most significant papers on APTs related to mobile sensors, services, applications, and detection techniques using AI.

show abstract

Performance Evaluation of Open-Source Endpoint Detection and Response Combining Google Rapid Response and Osquery for Threat Detection

Cited by 13 publications

References 15 publications

Comprehensive Analysis of Endpoint Security Strategies, Technologies and Challenges

Comprehensive Analysis of Endpoint Security Strategies, Technologies and Challenges

An Effective Threat Detection Framework for Advanced Persistent Cyberattacks

A Systematic Literature Review and a Conceptual Framework Proposition for Advanced Persistent Threats (APT) Detection for Mobile Devices Using Artificial Intelligence Techniques

Contact Info

Product

Resources

About