Speculating Incident Zone System on Local Area Networks
Title | Speculating Incident Zone System on Local Area Networks |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Hasumi, Daichi; Shima, Shigeyoshi; Takakura, Hiroki |
Conference Name | Proceedings of the 2018 Workshop on Traffic Measurements for Cybersecurity |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-5910-8 |
Keywords | anomaly detection, composability, cyber security, incident handling, pubcrawl, Triage |
Abstract | Triage process in the incident handling lacks the ability to assess overall risks to modern cyber attacks. Zoning of local area networks by measuring internal network traffic in response to such risks is important. Therefore, we propose a SPeculating INcident Zone (SPINZ) system for supporting the triage process. The SPINZ analyzes internal network flows and outputs an incident zone, which is composed of devices related to the incident. We evaluate the performance of the SPINZ through simulations using incident flow datasets generated from internal traffic open data and lateral movement traffic. As a result, we confirm that the SPINZ has the capability to detect an incident zone, but removing unrelated devices from an incident zone is an issue to be further investigated. |
URL | https://dl.acm.org/citation.cfm?doid=3229598.3229603 |
DOI | 10.1145/3229598.3229603 |
Citation Key | hasumi_speculating_2018 |