Beyond Data: Contextual Information Fusion for Cyber Security Analytics

Title: Beyond Data: Contextual Information Fusion for Cyber Security Analytics
Publication Type: Conference Paper
Year of Publication: 2016
Authors: AlEroud, Ahmed; Karabatis, George
Conference Name: Proceedings of the 31st Annual ACM Symposium on Applied Computing
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-3739-7
Keywords: composability, Context, IDS, information fusion, Intrusion detection, Intrusion Detection System (IDS), Intrusion Detection Systems, pubcrawl, Resiliency, security
Abstract

A major challenge of the existing attack detection approaches is the identification of relevant information to a particular situation, and the use of such information to perform multi-evidence intrusion detection. Addressing such a limitation requires integrating several aspects of context to better predict, avoid and respond to impending attacks. The quality and adequacy of contextual information is important to decrease uncertainty and correctly identify potential cyber-attacks. In this paper, a systematic methodology has been used to identify contextual dimensions that improve the effectiveness of detecting cyber-attacks. This methodology combines graph, probability, and information theories to create several context-based attack prediction models that analyze data at a high- and low-level. An extensive validation of our approach has been performed using a prototype system and several benchmark intrusion detection datasets yielding very promising results.

URL: http://doi.acm.org/10.1145/2851613.2851636
DOI: 10.1145/2851613.2851636
Citation Key: aleroud_beyond_2016