
Forensic Analysis of Network Attacks: Restructuring Security Events as Graphs and Identifying Strongly Connected Sub-graphs

Abstract: When analyzing the security of activities in a highly distributed system, an analyst faces a huge number of events, mainly coming from network supervision mechanisms. To analyze this huge amount of information, the analyst often starts from an indicator of compromise (IoC), an observable that suggests that a compromise may have occurred, and looks for the information related to this IoC, as it could help to explain the related security incident. This approach is referred to as forensic analysis. In this paper, we propose an approach to automatically process network events in order to provide the analyst with a new way to determine the subset of information related to a given IoC. This approach relies firstly on the generation of graphs between so-called "Security Objects" that are built from the logged network events, and secondly on the automatic processing of these graphs based on graph community analysis.
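An added worked example, not the paper's code (the page carries only the abstract): it builds a graph of security objects (hosts, queried names, resolved answers, requested URIs) from a handful of constructed, Zeek-like network events, then pivots from one IoC to the subset of events related to it. The hub-degree rule that stops the walk at shared infrastructure such as the local resolver is an assumed simplification standing in for the community analysis the abstract mentions; every address, name, threshold and function in the block is constructed for the illustration.

```python
"""IoC-centred pivot over a graph of security objects built from network events.

Added illustration only. Event records are constructed; the hub-degree
pruning is an assumed stand-in for a proper community analysis.
"""
from collections import defaultdict, deque

# Constructed sample events (loosely Zeek-like, heavily simplified).
# 10.0.0.53 is the local resolver, 203.0.113.10 the suspicious server.
SAMPLE_EVENTS = [
    {"id": 1, "type": "dns",  "src": "10.0.0.5",  "dst": "10.0.0.53",
     "query": "update.example-cdn.net", "answer": "203.0.113.10"},
    {"id": 2, "type": "conn", "src": "10.0.0.5",  "dst": "203.0.113.10", "port": 443},
    {"id": 3, "type": "dns",  "src": "10.0.0.7",  "dst": "10.0.0.53",
     "query": "update.example-cdn.net", "answer": "203.0.113.10"},
    {"id": 4, "type": "http", "src": "10.0.0.7",  "dst": "203.0.113.10", "uri": "/payload.bin"},
    {"id": 5, "type": "conn", "src": "10.0.0.7",  "dst": "10.0.0.20", "port": 445},
    {"id": 6, "type": "dns",  "src": "10.0.0.9",  "dst": "10.0.0.53",
     "query": "www.example.org", "answer": "198.51.100.5"},
    {"id": 7, "type": "conn", "src": "10.0.0.9",  "dst": "198.51.100.5", "port": 443},
    {"id": 8, "type": "dns",  "src": "10.0.0.11", "dst": "10.0.0.53",
     "query": "mail.example.org", "answer": "198.51.100.9"},
    {"id": 9, "type": "dns",  "src": "10.0.0.12", "dst": "10.0.0.53",
     "query": "www.example.org", "answer": "198.51.100.5"},
]


def event_edges(ev):
    """Pairs of security objects that a single event links together."""
    edges = [(ev["src"], ev["dst"])]
    if ev["type"] == "dns":
        edges.append((ev["src"], ev["query"]))      # host asked for the name
        edges.append((ev["query"], ev["answer"]))   # name resolved to the address
    elif ev["type"] == "http":
        edges.append((ev["dst"], ev["uri"]))        # server served the URI
    return edges


def build_graph(events):
    """Undirected graph: node -> neighbours, and edge -> ids of the events behind it."""
    adj = defaultdict(set)
    edge_events = defaultdict(set)
    for ev in events:
        for a, b in event_edges(ev):
            adj[a].add(b)
            adj[b].add(a)
            edge_events[frozenset((a, b))].add(ev["id"])
    return adj, edge_events


def pivot(adj, edge_events, ioc, max_hops=3, hub_degree=5):
    """Breadth-first walk from the IoC, returning (related nodes, related event ids).

    Nodes whose degree reaches hub_degree (shared infrastructure such as a
    resolver or proxy) are reached but never expanded, so they do not pull
    every host that used them into the result. The IoC itself is always
    expanded. An event is related when one of its edges lies entirely
    inside the related node set. The threshold is an assumed heuristic.
    """
    if ioc not in adj:
        raise KeyError(f"unknown security object: {ioc}")
    seen = {ioc: 0}
    queue = deque([ioc])
    while queue:
        node = queue.popleft()
        hops = seen[node]
        if hops >= max_hops:
            continue
        if node != ioc and len(adj[node]) >= hub_degree:
            continue                      # reached, but do not walk through a hub
        for nb in adj[node]:
            if nb not in seen:
                seen[nb] = hops + 1
                queue.append(nb)
    nodes = set(seen)
    related = set()
    for edge, ids in edge_events.items():
        if edge <= nodes:
            related |= ids
    return nodes, related


def analyze(events, ioc, **kwargs):
    """Build the graph and return the sorted ids of events related to the IoC."""
    adj, edge_events = build_graph(events)
    _, ids = pivot(adj, edge_events, ioc, **kwargs)
    return sorted(ids)


if __name__ == "__main__":
    print("with hub pruning:   ", analyze(SAMPLE_EVENTS, "203.0.113.10"))
    print("without hub pruning:", analyze(SAMPLE_EVENTS, "203.0.113.10", hub_degree=100))
```

Starting from 203.0.113.10 with hub pruning, the walk returns events 1 to 5: the two hosts that resolved and contacted the server, the download, and the later SMB connection from one of them to 10.0.0.20. Raising hub_degree so that the resolver is expanded drags 10.0.0.9, 10.0.0.11 and 10.0.0.12 in through their unrelated DNS lookups (events 6, 8 and 9), which is exactly the noise a community-based cut is meant to leave out of the analyst's view.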

https://hal.inria.fr/hal-02950490
Contributor: Ludovic Mé
Submitted on: Monday, September 28, 2020 - 8:57:23 AM
Last modification on: Saturday, October 3, 2020 - 3:56:33 AM

File

WTMC2020.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: hal-02950490, version 1

Citation

Laetitia Leichtnam, Eric Totel, Nicolas Prigent, Ludovic Mé. Forensic Analysis of Network Attacks: Restructuring Security Events as Graphs and Identifying Strongly Connected Sub-graphs. International Workshop on Traffic Measurements for Cybersecurity (WTMC), Sep 2020, Genova, Italy. ⟨hal-02950490⟩

Metrics

Record views: 28
Files downloads: 153