Causal Connections Mining Within Security Event Logs

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

1 Citation (Scopus)

Abstract

Performing both security vulnerability assessment and configuration processes is heavily reliant on expert knowledge. This requirement often results in many systems being left insecure due to a lack of analysis expertise and access to specialist resources. It has long been known that a system's event log provides historical information depicting potential security threats, as well as recording configuration activities. In this paper, a novel technique is developed that can process security event logs on a computer that has been assessed and configured by a security professional, and autonomously establish causality amongst event log entries to learn the configuration tasks that were performed. This extracted knowledge can then be exploited by non-professionals to plan steps that can improve the security of a previously unseen system.
Original language: English
Title of host publication: Proceedings of the 9th International Conference on Knowledge Capture (K-CAP), (Austin, TX: 4-6 December 2017)
Publisher: Association for Computing Machinery (ACM)
Number of pages: 4
ISBN (Electronic): 9781450355537
DOIs: https://doi.org/10.1145/3148011.3154476
Publication status: Published - 4 Dec 2017
Event: 9th International Conference on Knowledge Capture - Hilton Garden Inn Convention Center, Austin, United States
Duration: 4 Dec 2017 - 6 Dec 2017
Conference number: 9
https://k-cap2017.org/ (Link to Conference Website)

Conference

Conference: 9th International Conference on Knowledge Capture
Abbreviated title: K-CAP 2017
Country: United States
City: Austin
Period: 4/12/17 - 6/12/17
Internet address: https://k-cap2017.org/

Cite this

Khan, S., & Parkinson, S. (2017). Causal Connections Mining Within Security Event Logs. In Proceedings of the 9th International Conference on Knowledge Capture (K-CAP), (Austin, TX: 4-6 December 2017) [38] Association for Computing Machinery (ACM). https://doi.org/10.1145/3148011.3154476
@inproceedings{4551724f16fe4e16b1d0a59026d9dbfe,
title = "Causal Connections Mining Within Security Event Logs",
abstract = "Performing both security vulnerability assessment and configuration processes are heavily reliant on expert knowledge. This requirement often results in many systems being left insecure due to a lack of analysis expertise and access to specialist resources. It has long been known that a system's event log provides historical information depicting potential security threats, as well as recording configuration activities. In this paper, a novel technique is developed that can process security event logs on a computer that has been assessed and configured by a security professional, and autonomously establish causality amongst event log entries to learn performed configuration tasks. This extracted knowledge can then be exploited by non-professionals to plan steps that can improve the security of a previously unseen system",
keywords = "Knowledge extraction, Automated, Association, Causal",
author = "Saad Khan and Simon Parkinson",
year = "2017",
month = "12",
day = "4",
doi = "10.1145/3148011.3154476",
language = "English",
booktitle = "Proceedings of the 9th International Conference on Knowledge Capture (K-CAP), (Austin, TX: 4-6 December 2017)",
publisher = "Association for Computing Machinery (ACM)",
address = "United States",

}
