Causal Connections Mining Within Security Event Logs

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

3 Citations (Scopus)


Performing both security vulnerability assessment and configuration processes are heavily reliant on expert knowledge. This requirement often results in many systems being left insecure due to a lack of analysis expertise and access to specialist resources. It has long been known that a system's event log provides historical information depicting potential security threats, as well as recording configuration activities. In this paper, a novel technique is developed that can process security event logs on a computer that has been assessed and configured by a security professional, and autonomously establish causality amongst event log entries to learn performed configuration tasks. This extracted knowledge can then be exploited by non-professionals to plan steps that can improve the security of a previously unseen system
Original languageEnglish
Title of host publicationProceedings of the 9th International Conference on Knowledge Capture (K-CAP), (Austin, TX: 4-6 December 2017)
PublisherAssociation for Computing Machinery (ACM)
Number of pages4
ISBN (Electronic)9781450355537
Publication statusPublished - 4 Dec 2017
Event9th International Conference on Knowledge Capture - Hilton Garden Inn Convention Center, Austin, United States
Duration: 4 Dec 20176 Dec 2017
Conference number: 9 (Link to Conference Website)


Conference9th International Conference on Knowledge Capture
Abbreviated titleK-CAP 2017
Country/TerritoryUnited States
Internet address

Cite this