| Reference : Process mining-based approach for investigating malicious login events |
| Scientific congresses, symposiums and conference proceedings : Paper published in a book | |||
| Engineering, computing & technology : Computer science | |||
| http://hdl.handle.net/10993/43588 | |||
| Process mining-based approach for investigating malicious login events | |
| English | |
Lagraa, Sofiane [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)] | |
State, Radu [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)] | |
| 2020 | |
| IEEE/IFIP Network Operations and Management Symposium, Budapest, Hungary, April 20-24, 2020 | |
| Yes | |
| International | |
| IEEE/IFIP Network Operations and Management Symposium (NOMS) | |
| 20-24 April 2020 | |
| [en] A large body of research has been accomplished on prevention and detection of malicious events, attacks, threats, or botnets. However, there is a lack of automatic and sophisticated methods for investigating malicious events/users, understanding the root cause of attacks, and discovering what is really happening before an attack. In this paper, we propose an attack model discovery approach for investigating and mining malicious authentication events across user accounts. The approach is based on process mining techniques on event logs reaching attacks in order to extract the behavior of malicious users. The evaluation is performed on a publicly large dataset, where we extract models of the behavior of malicious users via authentication events. The results are useful for security experts in order to improve defense tools by making them robust and develop attack simulations. | |
| Researchers ; Professionals ; Students ; General public | |