Expert knowledge and data analysis for detecting advanced persistent threats
Juan Ramón Moya; Noemí DeCastro-García; Ramón-Ángel Fernández-Díaz; Jorge Lorenzana Tamargo
Open Mathematics (2017)
- Volume: 15, Issue: 1, page 1108-1122
- ISSN: 2391-5455
Abstract
Critical Infrastructures in public administration would be compromised by Advanced Persistent Threats (APT) which today constitute one of the most sophisticated ways of stealing information. This paper presents an effective, learning based tool that uses inductive techniques to analyze the information provided by firewall log files in an IT infrastructure, and detect suspicious activity in order to mark it as a potential APT. The experiments have been accomplished mixing real and synthetic data traffic to represent different proportions of normal and anomalous activity.
How to cite
Juan Ramón Moya, et al. "Expert knowledge and data analysis for detecting advanced persistent threats." Open Mathematics 15.1 (2017): 1108-1122. <http://eudml.org/doc/288548>.
@article{JuanRamónMoya2017,
abstract = {Critical Infrastructures in public administration would be compromised by Advanced Persistent Threats (APT) which today constitute one of the most sophisticated ways of stealing information. This paper presents an effective, learning based tool that uses inductive techniques to analyze the information provided by firewall log files in an IT infrastructure, and detect suspicious activity in order to mark it as a potential APT. The experiments have been accomplished mixing real and synthetic data traffic to represent different proportions of normal and anomalous activity.},
author = {Juan Ramón Moya, Noemí DeCastro-García, Ramón-Ángel Fernández-Díaz, Jorge Lorenzana Tamargo},
journal = {Open Mathematics},
keywords = {Advanced persistent threat; Cybersecurity; Data mining; Expert knowledge},
language = {eng},
number = {1},
pages = {1108-1122},
title = {Expert knowledge and data analysis for detecting advanced persistent threats},
url = {http://eudml.org/doc/288548},
volume = {15},
year = {2017},
}
TY - JOUR
AU - Juan Ramón Moya
AU - Noemí DeCastro-García
AU - Ramón-Ángel Fernández-Díaz
AU - Jorge Lorenzana Tamargo
TI - Expert knowledge and data analysis for detecting advanced persistent threats
JO - Open Mathematics
PY - 2017
VL - 15
IS - 1
SP - 1108
EP - 1122
AB - Critical Infrastructures in public administration would be compromised by Advanced Persistent Threats (APT) which today constitute one of the most sophisticated ways of stealing information. This paper presents an effective, learning based tool that uses inductive techniques to analyze the information provided by firewall log files in an IT infrastructure, and detect suspicious activity in order to mark it as a potential APT. The experiments have been accomplished mixing real and synthetic data traffic to represent different proportions of normal and anomalous activity.
LA - eng
KW - Advanced persistent threat; Cybersecurity; Data mining; Expert knowledge
UR - http://eudml.org/doc/288548
ER -