Kill Chain

14,000,000 Leading Edge Experts on the ideXlab platform


The Experts below are selected from a list of 3507 Experts worldwide ranked by ideXlab platform

Hossein Saiedian - One of the best experts on this subject based on the ideXlab platform.

  • Improving SIEM Alert Metadata Aggregation with a Novel Kill Chain Based Classification Model
    Computers & Security, 2020
    Co-Authors: Blake D Bryant, Hossein Saiedian
    Abstract:

    Today’s information networks face increasingly sophisticated and persistent threats, where new threat tools and vulnerability exploits often outpace advancements in intrusion detection systems. Current detection systems often create too many alerts, which contain insufficient data for analysts. As a result, the vast majority of alerts are ignored, contributing to security breaches that might otherwise have been prevented. Security Information and Event Management (SIEM) software is a recent development designed to improve alert volume and content by correlating data from multiple sensors. However, insufficient SIEM configuration has thus far limited the promise of SIEM software for improving intrusion detection. The focus of our research is the implementation of a hybrid Kill-Chain framework as a novel configuration of SIEM software. Our research resulted in a new log ontology capable of normalizing security sensor data in accordance with modern threat research. New SIEM correlation rules were developed using the new log ontology, and the effectiveness of the new configuration was tested against a baseline configuration. The novel configuration was shown to improve detection rates, give more descriptive alerts, and lower the number of false positive alerts.

  • A Novel Kill Chain Framework for Remote Security Log Analysis with SIEM Software
    Computers & Security, 2017
    Co-Authors: Blake D Bryant, Hossein Saiedian
    Abstract:

    Network security investigations pose many challenges to security analysts attempting to identify the root cause of security alarms or incidents. Analysts are often presented with cases where either incomplete information is present, or an overwhelming amount of information is presented in a disorganized manner. Either scenario greatly impacts the ability of incident responders to properly identify and react to security incidents when they occur. The framework presented in this paper draws upon previous research pertaining to cyber threat modeling with Kill-Chains, as well as the practical application of threat modeling to forensics. Modifications were made to conventional Kill-Chain models to facilitate logical data aggregation within a relational database collecting data across disparate remote sensors, resulting in more detailed alarms to security analysts. The framework developed in this paper proved effective in identifying the relationship of security alarms along a continuum of expected behaviors, conducive to executing security investigations in a methodical manner. This framework effectively addressed incomplete or inadequate alarm information through aggregation, and provided a methodology for organizing related data and conducting standard investigations. Both improvements proved instrumental in the effective identification of security threats in a more expeditious manner.

Blake D Bryant - One of the best experts on this subject based on the ideXlab platform.

  • Improving SIEM Alert Metadata Aggregation with a Novel Kill Chain Based Classification Model
    Computers & Security, 2020
    Co-Authors: Blake D Bryant, Hossein Saiedian

  • A Novel Kill Chain Framework for Remote Security Log Analysis with SIEM Software
    Computers & Security, 2017
    Co-Authors: Blake D Bryant, Hossein Saiedian

Bartosz Blaicke - One of the best experts on this subject based on the ideXlab platform.

  • Artificial Intelligence in Cybersecurity: The Use of AI Along the Cyber Kill Chain
    Computational Collective Intelligence, 2019
    Co-Authors: Iwona Chomiak-orsa, Artur Rot, Bartosz Blaicke
    Abstract:

    The current challenge with defense against cyberattacks is that the speed and quantity of threats often outpace human-centered cyber defense capabilities. That is why a new Artificial Intelligence driven approach may enhance the effectiveness of security controls. However, it can also be used by adversaries to create more sophisticated and adaptable attack mechanisms. Distinguishing three key AI capabilities (knowledge acquisition, human-like perception and decision making), the goal of this paper is to assess where within the cyber Kill Chain AI capabilities have already been applied, and which phase holds the greatest near-term potential given recent developments and publications. Based on a literature review, the authors see the strongest potential for deploying AI capabilities during the reconnaissance, intrusion, privilege escalation and data exfiltration steps of the cyber Kill Chain, with other uses being deployed in the remaining steps.

Raymond M Bateman - One of the best experts on this subject based on the ideXlab platform.

  • Characterizing the Landscape of COVID-19 Themed Cyberattacks and Defenses
    arXiv: Cryptography and Security, 2021
    Co-Authors: Mir Mehedi Ahsan Pritom, Kristin M Schweitzer, Raymond M Bateman
    Abstract:

    COVID-19 (Coronavirus) hit global society and the economy with a big surprise. In particular, work-from-home has become a new norm for employees. Despite the fact that COVID-19 can equally attack innocent people and cybercriminals, it is ironic to see surges in cyberattacks leveraging COVID-19 as a theme, dubbed COVID-19 themed cyberattacks or COVID-19 attacks for short, which represent a new phenomenon that has yet to be systematically understood. In this paper, we make the first step towards fully characterizing the landscape of these attacks, including their sophistication via the Cyber Kill Chain model. We also explore the solution space of defenses against these attacks.

  • Characterizing the Landscape of COVID-19 Themed Cyberattacks and Defenses
    Intelligence and Security Informatics, 2020
    Co-Authors: Mir Mehedi Ahsan Pritom, Kristin M Schweitzer, Raymond M Bateman
    Abstract:

    COVID-19 (Coronavirus) hit global society and the economy with a big surprise. In particular, work-from-home has become a new norm for employees. Despite the fact that COVID-19 can equally attack innocent people and cyber criminals, it is ironic to see surges in cyberattacks leveraging COVID-19 as a theme, dubbed COVID-19 themed cyberattacks or COVID-19 attacks for short, which represent a new phenomenon that has yet to be systematically understood. In this paper, we make a first step towards fully characterizing the landscape of these attacks, including their sophistication via the Cyber Kill Chain model. We also explore the solution space of defenses against these attacks.

Iwona Chomiak-orsa - One of the best experts on this subject based on the ideXlab platform.

  • Artificial Intelligence in Cybersecurity: The Use of AI Along the Cyber Kill Chain
    Computational Collective Intelligence, 2019
    Co-Authors: Iwona Chomiak-orsa, Artur Rot, Bartosz Blaicke