Exploratory security analytics for anomaly detection / Pierazzi, Fabio; Casolari, Sara; Colajanni, Michele; Marchetti, Mirco. - In: COMPUTERS & SECURITY. - ISSN 0167-4048. - 56:(2016), pp. 28-49. [10.1016/j.cose.2015.10.003]

Exploratory security analytics for anomaly detection

Pierazzi, Fabio; Casolari, Sara; Colajanni, Michele; Marchetti, Mirco
2016

Abstract

The huge number of alerts generated by network-based defense systems prevents detailed manual inspection of security events. Existing proposals for automatic alert analysis work well in relatively stable and homogeneous environments, but in modern networks, which are characterized by extremely complex and dynamic behaviors, understanding which approaches can be effective requires exploratory data analysis and descriptive modeling. We propose a novel framework for automatically investigating temporal trends and patterns of security alerts, with the goal of understanding whether, and which, anomaly detection approaches can be adopted for identifying relevant security events. Several examples referring to a real large network show that, despite the high intrinsic dynamism of the system, the proposed framework is able to extract relevant descriptive statistics that make it possible to determine the effectiveness of popular anomaly detection approaches on different alert groups.
Year: 2016
Volume: 56
Pages: 28-49
Files in this item:
File Size Format
POST PRINT_Exploratory security analytics for anomaly detection.pdf

Open access

Type: Author's version, revised and accepted for publication
Size: 898.72 kB
Format: Adobe PDF

Creative Commons License
The metadata in IRIS UNIMORE are released under the Creative Commons CC0 1.0 Universal license, while the publication files are released under the Attribution 4.0 International (CC BY 4.0) license, unless otherwise indicated.
In case of copyright infringement, contact Iris Support

Use this identifier to cite or link to this item: https://hdl.handle.net/11380/1107529
Citations
  • PMC: not available
  • Scopus: 25
  • ISI: 12