Visible to the public Biblio

Filters: Author is Shima, Shigeyoshi  [Clear All Filters]
2019-12-11
Hasumi, Daichi, Shima, Shigeyoshi, Takakura, Hiroki.  2018.  Speculating Incident Zone System on Local Area Networks. Proceedings of the 2018 Workshop on Traffic Measurements for Cybersecurity. :40–45.

Triage process in the incident handling lacks the ability to assess overall risks to modern cyber attacks. Zoning of local area networks by measuring internal network traffic in response to such risks is important. Therefore, we propose a SPeculating INcident Zone (SPINZ) system for supporting the triage process. The SPINZ analyzes internal network flows and outputs an incident zone, which is composed of devices related to the incident. We evaluate the performance of the SPINZ through simulations using incident flow datasets generated from internal traffic open data and lateral movement traffic. As a result, we confirm that the SPINZ has the capability to detect an incident zone, but removing unrelated devices from an incident zone is an issue to be further investigated.