
Raftopoulos et al., 2013 - Google Patents

A quality metric for IDS signatures: in the wild the size matters

Document ID
13745725514751519536
Author
Raftopoulos E
Dimitropoulos X
Publication year
2013
Publication venue
EURASIP Journal on Information Security

Snippet

The manual forensics investigation of security incidents is an opaque process that involves the collection and correlation of diverse evidence. In this work we first conduct a complex experiment to expand our understanding of forensics analysis processes. During a period of …
Continue reading at link.springer.com (HTML) (other versions)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRICAL DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRICAL DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRICAL DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment

Similar Documents

Publication | Title
US11323469B2 (en) Entity group behavior profiling
Apruzzese et al. The role of machine learning in cybersecurity
US10855700B1 (en) Post-intrusion detection of cyber-attacks during lateral movement within networks
Oprea et al. Made: Security analytics for enterprise threat detection
US10200384B1 (en) Distributed systems and methods for automatically detecting unknown bots and botnets
Anderson et al. Deciphering malware’s use of TLS (without decryption)
US10601848B1 (en) Cyber-security system and method for weak indicator detection and correlation to generate strong indicators
Vinayakumar et al. Scalable framework for cyber threat situational awareness based on domain name systems data analysis
Oprea et al. Detection of early-stage enterprise infection by mining large-scale log data
US10469514B2 (en) Collaborative and adaptive threat intelligence for computer security
US10129270B2 (en) Apparatus, system and method for identifying and mitigating malicious network threats
US20230283641A1 (en) Dynamic cybersecurity scoring using traffic fingerprinting and risk score improvement
Juárez et al. WTF-PAD: toward an efficient website fingerprinting defense for tor
Lamprakis et al. Unsupervised detection of APT C&C channels using web request graphs
Jiang et al. Novel intrusion prediction mechanism based on honeypot log similarity
US10721148B2 (en) System and method for botnet identification
Raftopoulos et al. A quality metric for IDS signatures: in the wild the size matters
Raftopoulos et al. Understanding network forensics analysis in an operational environment
Raftopoulos et al. IDS alert correlation in the wild with EDGe
US20250039242A1 (en) Kill-chain reconstruction
US20240430287A1 (en) System and method for locating dga compromised ip addresses
Alageel et al. Earlycrow: Detecting apt malware command and control over http (s) using contextual summaries
Li An empirical analysis on threat intelligence: Data characteristics and real-world uses
Süren et al. I see EK: A lightweight technique to reveal exploit kit family by overall URL patterns of infection chains
Sqalli et al. Classifying malicious activities in Honeynets using entropy and volume‐based thresholds