HeteMSD: A Big Data Analytics Framework for Targeted Cyber-Attacks Detection Using Heterogeneous Multisource Data

In the current enterprise network environment, multistep targeted cyber-attacks that are stealthy and technically advanced have become the main threat. Multisource security data are a prerequisite for detecting targeted cyber-attacks. However, these data are heterogeneous and semantically diverse, and existing attack detection methods do not take comprehensive data sources into account. Identifying and predicting attack intention from heterogeneous, noisy data is therefore meaningful work. In this paper, we first review the data fusion mechanisms available for correlating heterogeneous multisource data. On this basis, we propose a big data analytics framework for targeted cyber-attack detection and give the basic idea of its correlation analysis. Our approach will offer the ability to correlate multisource heterogeneous security data and to analyze attack intention effectively.
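The correlation idea the abstract describes, as an added illustration that is not the paper's framework or code: three constructed event sources in different native formats are normalised to a common (time, host, stage) schema and then correlated per host against a multistep chain inside a time window. The source formats, the regular expressions and the exploit/login/egress chain are assumptions made for this example only.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events from three heterogeneous sources (assumed formats,
# not from the paper). Each source speaks its own dialect; the framework idea is
# to normalise them before any cross-source correlation is attempted.
RAW_EVENTS = [
    ("ids",  "2024-03-01T10:00:05 alert sid=2001 msg=\"exploit attempt\" dst=10.0.0.5"),
    ("auth", "2024-03-01T10:00:40 host=10.0.0.5 user=svc status=SUCCESS new_session"),
    ("fw",   "2024-03-01T10:01:10 src=10.0.0.5 dst=203.0.113.9 action=ALLOW proto=tcp"),
    ("auth", "2024-03-01T12:00:00 host=10.0.0.7 user=alice status=SUCCESS new_session"),
]

# Per-source parsers map each native format onto the common schema
# (time, host, stage); the stage label is the semantic bridge between sources.
PARSERS = {
    "ids":  (re.compile(r"^(\S+) alert .* dst=(\S+)"),             "exploit"),
    "auth": (re.compile(r"^(\S+) host=(\S+) .*status=SUCCESS"),    "login"),
    "fw":   (re.compile(r"^(\S+) src=(\S+) dst=\S+ action=ALLOW"), "egress"),
}

def normalise(raw_events):
    """Turn heterogeneous raw lines into sorted (time, host, stage) tuples; drop unparsable lines."""
    out = []
    for source, line in raw_events:
        pattern, stage = PARSERS[source]
        m = pattern.match(line)
        if m:
            out.append((datetime.fromisoformat(m.group(1)), m.group(2), stage))
    return sorted(out)

def correlate(events, chain=("exploit", "login", "egress"), window_s=300):
    """Group normalised events by host and report hosts whose events contain the
    whole multistep chain, in order, within window_s seconds of the first step."""
    by_host = defaultdict(list)
    for t, host, stage in events:
        by_host[host].append((t, stage))
    hits = {}
    for host, evs in by_host.items():
        idx, start = 0, None
        for t, stage in evs:
            if stage != chain[idx]:
                continue                      # not the step we are waiting for
            if idx == 0:
                start = t                     # first step opens the window
            elif (t - start).total_seconds() > window_s:
                break                         # chain fell outside the window
            idx += 1
            if idx == len(chain):
                hits[host] = start            # full chain observed for this host
                break
    return hits

if __name__ == "__main__":
    print(correlate(normalise(RAW_EVENTS)))
```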
