Heterogeneous Security Events Prioritization Using Auto-encoders
| Author: | Eric Totel, Sylvain Navers, Alexandre Dey |
|---|---|
| Year of publication: | 2021 |
| Subject: | Focus (computing), Artificial neural network, Computer science, Event (computing), Intrusion detection system, Software, Information system, Anomaly detection, Data mining, Cluster analysis |
| Source: | Lecture Notes in Computer Science, ISBN 9783030688868, CRiSIS |
| Description: | In a large monitored information system, analysts are confronted with a huge number of heterogeneous events or alerts produced by audit mechanisms or Intrusion Detection Systems. Even though they can use SIEM software to collect and analyse these events (in this paper, "events" denotes all events or alerts produced by the monitoring processes), detecting previously unknown threats is tedious. Event prioritization tools can help the analyst focus on potentially anomalous events. To compute a measure of priority among events, this paper defines the notion of an anomaly score for each attribute of the analyzed events and a method for regrouping events into clusters, so as to reduce the number of alerts the analysts have to qualify. The anomaly score is computed using neural networks (i.e., auto-encoders) trained on a dataset of normal events; the trained models are then used to inform the analyst of the difference between the learned normal events and the events actually produced by the monitoring system. Additionally, the auto-encoders provide a way to regroup similar events via clustering. |
| Database: | OpenAIRE |
| External link: | |