Causal Connections Mining Within Security Event Logs

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

Performing both security vulnerability assessment and configuration processes is heavily reliant on expert knowledge. This requirement often results in many systems being left insecure due to a lack of analysis expertise and access to specialist resources. It has long been known that a system's event log provides historical information depicting potential security threats, as well as recording configuration activities. In this paper, a novel technique is developed that can process security event logs on a computer that has been assessed and configured by a security professional, and autonomously establish causality amongst event log entries to learn the configuration tasks that were performed. This extracted knowledge can then be exploited by non-professionals to plan steps that can improve the security of a previously unseen system.
Original language: English
Title of host publication: Proceedings of the 9th International Conference on Knowledge Capture (K-CAP), (Austin, TX: 4-6 December 2017)
Publisher: Association for Computing Machinery (ACM)
Number of pages: 4
ISBN (Electronic): 9781450355537
DOIs
Publication status: Published - 4 Dec 2017
Event: 9th International Conference on Knowledge Capture - Hilton Garden Inn Convention Center, Austin, United States
Duration: 4 Dec 2017 - 6 Dec 2017
Conference number: 9
https://k-cap2017.org/ (Link to Conference Website)

Conference

Conference: 9th International Conference on Knowledge Capture
Abbreviated title: K-CAP 2017
Country: United States
City: Austin
Period: 4/12/17 - 6/12/17
Internet address

Cite this

Khan, S., & Parkinson, S. (2017). Causal Connections Mining Within Security Event Logs. In Proceedings of the 9th International Conference on Knowledge Capture (K-CAP), (Austin, TX: 4-6 December 2017) [38]. Association for Computing Machinery (ACM). https://doi.org/10.1145/3148011.3154476