An Improved Method of Incident Detection due to Cyber Attacks

Document Type : Original Article

Abstract

Human errors in the design and configuration of networks and systems are potential attack vectors. A Security Operation Center (SOC), often used in wide networks, is a solution for continuous monitoring and detection, and human operators play a key role in it. Through a study of the visualization literature and a comparison of commercial SOC products, this paper proposes a method that helps early detection in wide networks. The proposed method (MAPSA) adds a real-time cyber-attack visualization module to the SOC, which SOC analysts can use to decide early whether modifications to the network are required. This method reduces human error, increases personnel effectiveness, and speeds up modification, and therefore decreases the effects of attacks on wide networks.

  • Receive Date: 04 December 2018
  • Revise Date: 04 August 2019
  • Accept Date: 18 June 2019
  • Publish Date: 20 February 2020