Scalable architecture for online prioritization of cyber threats / Pierazzi, Fabio; Apruzzese, Giovanni; Colajanni, Michele; Guido, Alessandro; Marchetti, Mirco. - (2017), pp. 1-18. (Paper presented at the 9th International Conference on Cyber Conflict: Defending the Core, CyCon 2017, held in Tallinn, Estonia, June 2017) [10.23919/CYCON.2017.8240337].

Scalable architecture for online prioritization of cyber threats

Fabio Pierazzi; Giovanni Apruzzese; Michele Colajanni; Alessandro Guido; Mirco Marchetti
2017

Abstract

This paper proposes an innovative framework for the early detection of several cyber attacks. Its main component is an analytics core that gathers streams of raw data generated by network probes, builds several layer models representing different activities of internal hosts, and analyzes intra-layer and inter-layer information. The online analysis of internal network activities at different levels distinguishes our approach from most detection tools and algorithms, which focus on separate network levels or on interactions between internal and external hosts. Moreover, the integrated multi-layer analysis carried out through parallel processing reduces false positives and guarantees scalability with respect to the size of the network and the number of layers. As a further contribution, the proposed framework executes autonomous triage by assigning a risk score to each internal host. This key feature allows security experts to focus their attention on the few hosts with the highest scores rather than wasting time on thousands of daily alerts and false alarms.
Date: June 2017
Conference: 9th International Conference on Cyber Conflict: Defending the Core, CyCon 2017
Location: Tallinn, Estonia
Conference date: June 2017
Year: 2017
Pages: 1-18
Authors: Pierazzi, Fabio; Apruzzese, Giovanni; Colajanni, Michele; Guido, Alessandro; Marchetti, Mirco
Files in this item:
File: cycon17_review_v16.pdf
Access: open access
Description: Main article
Type: Author's post-print (post-refereeing draft)
Size: 1.13 MB
Format: Adobe PDF
Creative Commons licence
The metadata in IRIS UNIMORE is released under the Creative Commons CC0 1.0 Universal licence, while the publication files are released under the Attribution 4.0 International (CC BY 4.0) licence, unless otherwise stated.
In case of copyright infringement, contact Iris Support.

Use this identifier to cite or link to this item: http://hdl.handle.net/11380/1149178
Citations
  • PubMed Central: not available
  • Scopus: 12
  • Web of Science (ISI): 2