KRAKEN: A Knowledge-Based Recommender system for Analysts, to Kick Exploration up a Notch - Inria - Institut national de recherche en sciences et technologies du numérique
Conference paper, Year: 2021

KRAKEN: A Knowledge-Based Recommender system for Analysts, to Kick Exploration up a Notch

Abstract

During a computer security investigation, a security analyst has to explore the available logs to understand what happened in the compromised system. For such tasks, visual analysis tools have been developed to help with log exploration. They provide visualisations of aggregated logs and help navigate the data efficiently. However, even with visualisation tools, the task can still be difficult and tiresome. The volume and the many dimensions of the logs to analyse, together with the potential stealthiness and complexity of the attack, may lead to the analyst missing some parts of an attack. We propose to help the analyst find the logs where her expertise is needed, rapidly and efficiently. We design a recommender system called KRAKEN that links knowledge coming from advanced attack descriptions into a visual analysis tool to suggest exploration paths. KRAKEN confronts real-world adversary knowledge with the investigated logs to dynamically provide relevant parts of the dataset to explore. To evaluate KRAKEN we conducted a user study with seven security analysts. Using our system, they investigated a dataset from DARPA containing different Advanced Persistent Threat attacks. The results and comments of the security analysts show the usability and usefulness of the recommender system.
Main file

KRAKEN.pdf (523.94 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-03486546 , version 1 (17-12-2021)

Identifiers

  • HAL Id: hal-03486546, version 1

Cite

Romain Brisse, Simon Boche, Frédéric Majorczyk, Jean-François Lalande. KRAKEN: A Knowledge-Based Recommender system for Analysts, to Kick Exploration up a Notch. SECITC 2021 - 14th International Conference on Security for Information Technology and Communications, Nov 2021, Virtual, France. pp.1-17. ⟨hal-03486546⟩