Reference : Process mining-based approach for investigating malicious login events
Scientific journals : Article
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/43588
Process mining-based approach for investigating malicious login events
English
Lagraa, Sofiane [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
State, Radu [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
2020
IEEE/IFIP Network Operations and Management Symposium
Yes
International
[en] A large body of research has been accomplished on prevention and detection of malicious events, attacks, threats, or botnets. However, there is a lack of automatic and sophisticated methods for investigating malicious events/users, understanding the root cause of attacks, and discovering what is really happening before an attack. In this paper, we propose an attack model discovery approach for investigating and mining malicious authentication events across user accounts. The approach is based on process mining techniques on event logs reaching attacks in order to extract the behavior of malicious users. The evaluation is performed on a large public dataset, where we extract models of the behavior of malicious users via authentication events. The results are useful for security experts in order to improve defense tools by making them robust and to develop attack simulations.
Researchers ; Professionals ; Students ; General public

File(s) associated to this reference

Fulltext file(s):

File: PID6402799.pdf; Version: Publisher postprint; Size: 208.24 kB; Access: Open access


All documents in ORBilu are protected by a user license.