Logo des Repositoriums
 

Anomaly Detection in Log Data using Graph Databases and Machine Learning to Defend Advanced Persistent Threats

dc.contributor.authorSchindler, Timo
dc.contributor.editorEibl, Maximilian
dc.contributor.editorGaedke, Martin
dc.date.accessioned2017-08-28T23:47:59Z
dc.date.available2017-08-28T23:47:59Z
dc.date.issued2017
dc.description.abstractAdvanced Persistent Threats (APTs) are a main impendence in cyber security of computer networks. In 2015, a successful breach remains undetected 146 days on average, reported by [Fi16].With our work we demonstrate a feasible and fast way to analyse real world log data to detect breaches or breach attempts. By adapting well-known kill chain mechanisms and a combine of a time series database and an abstracted graph approach, it is possible to create flexible attack profiles. Using this approach, it can be demonstrated that the graph analysis successfully detects simulated attacks by analysing the log data of a simulated computer network. Considering another source for log data, the framework is capable to deliver sufficient performance for analysing real-world data in short time. By using the computing power of the graph database it is possible to identify the attacker and furthermore it is feasible to detect other affected system components. We believe to significantly reduce the detection time of breaches with this approach and react fast to new attack vectors.en
dc.identifier.doi10.18420/in2017_241
dc.identifier.isbn978-3-88579-669-5
dc.identifier.pissn1617-5468
dc.language.isoen
dc.publisherGesellschaft für Informatik, Bonn
dc.relation.ispartofINFORMATIK 2017
dc.relation.ispartofseriesLecture Notes in Informatics (LNI) - Proceedings, Volume P-275
dc.subjectAdvanded Persistent Threat
dc.subjectGraph Database
dc.subjectIntrusion Detection
dc.subjectMachine Learning
dc.subjectSuport Vector Machine
dc.subjectKill Chain
dc.titleAnomaly Detection in Log Data using Graph Databases and Machine Learning to Defend Advanced Persistent Threatsen
gi.citation.endPage2378
gi.citation.startPage2371
gi.conference.date25.-29. September 2017
gi.conference.locationChemnitz
gi.conference.sessiontitleDoktorandensymposium

Dateien

Originalbündel
1 - 1 von 1
Lade...
Vorschaubild
Name:
C1-4.pdf
Größe:
470.93 KB
Format:
Adobe Portable Document Format