HuMa: A Multi-layer Framework for Threat Analysis in a Heterogeneous Log Environment - Archive ouverte HAL Access content directly
Conference Papers Year : 2018

HuMa: A Multi-layer Framework for Threat Analysis in a Heterogeneous Log Environment

(1) , (2) , (3) , (3) , (3) , (3) , (3) , (4) , (4) , (1) , (5) , (5) , (1)
1
2
3
4
5
Quentin Goux
Morgan Allard
  • Function : Author
  • PersonId : 1063908

Abstract

The advent of massive and highly heterogeneous information systems poses major challenges to professionals responsible for IT security. The huge amount of monitoring data currently being generated means that no human being or group of human beings can cope with their analysis. Furthermore, fully automated tools still lack the ability to track the associated events in a fine-grained and reliable way. Here, we propose the HuMa framework for detailed and reliable analysis of large amounts of data for security purposes. HuMa uses a multi-analysis approach to study complex security events in a large set of logs. It is organized around three layers: the event layer, the context and attack pattern layer, and the assessment layer. We describe the framework components and the set of complementary algorithms for security assessment. We also provide an evaluation of the contribution of the context and attack pattern layer to security investigation.
Fichier principal
Vignette du fichier
huma.pdf (1.04 Mo) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-02460272 , version 1 (29-01-2020)

Identifiers

Cite

Julio Navarro, Véronique Legrand, Sofiane Lagraa, Jérôme François, Abdelkader Lahmadi, et al.. HuMa: A Multi-layer Framework for Threat Analysis in a Heterogeneous Log Environment. 10th international symposium on foundations and practice of security, Oct 2017, Nancy, France. pp.144-159, ⟨10.1007/978-3-319-75650-9_10⟩. ⟨hal-02460272⟩
82 View
287 Download

Altmetric

Share

Gmail Facebook Twitter LinkedIn More