Cristin result ID: 1671711
Last modified: 12 March 2019, 12:29
NVI reporting year: 2018
Result
Academic chapter/article/conference paper
2018

Data-Driven Threat Hunting Using Sysmon

Contributors:
  • Vasileios Mavroeidis and
  • Audun Jøsang

Book

2018 the 2nd International Conference on Cryptography, Security and Privacy
ISBN:
  • 978-1-4503-6361-7

Publisher

Association for Computing Machinery (ACM)
NVI level 1

About the result

Academic chapter/article/conference paper
Publication year: 2018
Pages: 82 - 88
ISBN:
  • 978-1-4503-6361-7

Classification

Subject field (NPI)

Subject field: ICT
- Subject area: Natural sciences and technology

Description

Title

Data-Driven Threat Hunting Using Sysmon

Abstract

Threat actors can be persistent, motivated and agile, and they leverage a diversified and extensive set of tactics, techniques, and procedures to attain their goals. In response to that, organizations establish threat intelligence programs to improve their defense capabilities and mitigate risk. Actionable threat intelligence is integrated into security information and event management (SIEM) systems, forming a threat intelligence platform. A threat intelligence platform aggregates log data from multiple disparate sources by deploying numerous collection agents and provides centralized analysis and reporting of an organization's security events for identifying malicious activity. Sysmon logs are a data source that has received considerable attention for endpoint visibility. Approaches for threat detection using Sysmon have been proposed, mainly focusing on search engines (NoSQL database systems). This paper presents a new automated threat assessment system that relies on the analysis of continuous incoming feeds of Sysmon logs. The system is based on a cyber threat intelligence ontology and analyses Sysmon logs to classify software into different threat levels and augment cyber defensive capabilities through situational awareness, prediction, and automated courses of action.

Contributors

Vasileios Mavroeidis

  • Affiliation:
    Author
    at Forskningsgruppen for programmering og software engineering (Research Group for Programming and Software Engineering), University of Oslo

Audun Jøsang

  • Affiliation:
    Author
    at Digitale infrastrukturer og sikkerhet (Digital Infrastructures and Security), University of Oslo

The result is part of

2018 the 2nd International Conference on Cryptography, Security and Privacy.

Wang, Yulin. 2018, Association for Computing Machinery (ACM). Academic anthology/conference series