Conference papers

Forensic Analysis of Network Attacks: Restructuring Security Events as Graphs and Identifying Strongly Connected Sub-graphs

Abstract: When analyzing the security of activities in a highly distributed system, an analyst faces a huge number of events, mainly coming from network supervision mechanisms. To analyze this large amount of information, the analyst often starts from an indicator of compromise (IoC), an observable that suggests that a compromise may have occurred, and looks for the information related to this IoC, as it could help to explain the related security incident. This approach is referred to as forensic analysis. In this paper, we propose an approach to automatically process network events in order to provide the analyst with a new way to determine the subset of information related to a given IoC. This approach relies firstly on the generation of graphs between so-called "Security Objects" that are built from the logged network events, and secondly on the automatic processing of these graphs based on graph community analysis.
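As an added illustration of the idea in the abstract (not code from the paper), the block below builds a directed graph from a constructed set of network events and returns the security objects and events that sit in the same strongly connected component as a given IoC. It assumes, as a simplification, that security objects are just IP addresses and uses Tarjan's algorithm for the component search; the paper's own object model and community analysis are not reproduced here.

```python
# Constructed sample events (hypothetical format: src, dst, protocol, dst port).
EVENTS = [
    ("10.0.0.5", "10.0.0.9", "tcp", 445),
    ("10.0.0.9", "10.0.0.5", "tcp", 49152),
    ("10.0.0.9", "203.0.113.7", "tcp", 443),
    ("203.0.113.7", "10.0.0.9", "tcp", 443),
    ("10.0.0.11", "10.0.0.12", "udp", 53),
]


def build_graph(events):
    """Directed graph over security objects (assumed here to be IP addresses):
    one edge src -> dst per logged event."""
    g = {}
    for src, dst, _proto, _port in events:
        g.setdefault(src, set()).add(dst)
        g.setdefault(dst, set())
    return g


def strongly_connected_components(g):
    """Tarjan's algorithm; returns a list of SCCs, each a frozenset of nodes."""
    index, low, stack, on_stack, comps, counter = {}, {}, [], set(), [], [0]

    def visit(v):
        index[v] = low[v] = counter[0]
        counter[0] += 1
        stack.append(v)
        on_stack.add(v)
        for w in g[v]:
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:  # v is the root of a component: pop it
            comp = set()
            while True:
                w = stack.pop()
                on_stack.discard(w)
                comp.add(w)
                if w == v:
                    break
            comps.append(frozenset(comp))

    for v in g:
        if v not in index:
            visit(v)
    return comps


def related_to_ioc(events, ioc):
    """Security objects in the same SCC as the IoC (the IoC itself excluded)."""
    for comp in strongly_connected_components(build_graph(events)):
        if ioc in comp:
            return set(comp) - {ioc}
    return set()


def events_related_to_ioc(events, ioc):
    """The subset of events whose endpoints both lie in the IoC's component."""
    comp = related_to_ioc(events, ioc) | {ioc}
    return [e for e in events if e[0] in comp and e[1] in comp]
```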


https://hal.inria.fr/hal-02950490
Contributor: Ludovic Mé
Submitted on : Monday, September 28, 2020 - 8:57:23 AM
Last modification on : Tuesday, October 19, 2021 - 11:04:35 AM
Long-term archiving on: Thursday, December 3, 2020 - 7:04:30 PM

File

WTMC2020.pdf
Files produced by the author(s)

Citation

Laetitia Leichtnam, Eric Totel, Nicolas Prigent, Ludovic Mé. Forensic Analysis of Network Attacks: Restructuring Security Events as Graphs and Identifying Strongly Connected Sub-graphs. WTMC 2020: 5th International Workshop on Traffic Measurements for Cybersecurity and EuroS&PW 2020: IEEE European Symposium on Security and Privacy Workshops, Sep 2020, Genova, Italy. pp.1-9, ⟨10.1109/EuroSPW51379.2020.00083⟩. ⟨hal-02950490⟩
