Situational awareness through reasoning on network incidents

Anna Cinzia Squicciarini, Giuseppe Petracca, William Horne, Aurnob Nath

Research output: Contribution to conference › Paper › peer-review

10 Scopus citations

Abstract

Corporations worldwide work with teams of often dedicated system administrators to maintain their networks and to detect and prevent network infringements. This is a highly user-driven process that consumes hundreds (if not thousands) of man-hours yearly. User reporting, the basis of most of these incident detection systems, suffers from various biases and leads to below-par security measures. In this paper, we provide an approach for near real-time analysis of ongoing events on controlled networks that requires no end-user interaction and saves system administrators' effort. Our proposed solution, ReasONets, a lightweight, distributed system, provides situational awareness in case of network incidents. ReasONets combines aspects of anomaly detection with Case-Based Reasoning (CBR) methodologies to reason about ongoing security events in a network, including their nature, severity and sources. We build a fully running prototype of ReasONets to demonstrate the accuracy of the system in reasoning and inference on the network status by exploiting events and network features. To the best of our knowledge, ReasONets is the first system of its kind to combine detection and classification of network events with real-time reasoning while being capable of scaling up to large network sizes.
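The abstract describes the combination of anomaly detection with case-based reasoning only at a high level. The following is an added illustration of that pattern, written for this record; it is not the ReasONets code and does not reproduce the paper's feature set, similarity measure or thresholds. The feature names, the z-score anomaly test, cosine similarity, the benign baseline windows, the case base and the three sample windows are all constructed for the example. It also includes the CBR "retain" step, so an anomaly that matches no stored case is reported as unknown and can be added once an analyst labels it.

```python
"""Anomaly detection plus case-based reasoning over per-host network features.

Added illustration of the combination the abstract describes; it is not the
ReasONets implementation. The feature set, thresholds, baseline windows and
case base below are all constructed for the example.
"""
from dataclasses import dataclass
from math import sqrt
from statistics import mean, pstdev

# One feature vector per (host, time window). Constructed feature names.
FEATURES = ("flows_per_min", "distinct_dst_ports", "distinct_dst_hosts",
            "bytes_out_mb", "failed_auth")


@dataclass
class Case:
    """A past incident: what it was and its z-score signature at the time."""
    nature: str
    severity: int          # 1 (low) .. 5 (critical); constructed scale
    source: str
    signature: tuple       # z-scores in FEATURES order


@dataclass
class Diagnosis:
    anomalous: bool
    nature: str
    severity: int
    source: str
    similarity: float      # cosine similarity to the best matching case


def build_baseline(windows):
    """Per-feature (mean, population stdev) learned from benign windows."""
    return {f: (mean(w[f] for w in windows), pstdev(w[f] for w in windows))
            for f in FEATURES}


def zscores(window, baseline):
    """Normalise one window against the baseline; a zero stdev is treated as 1."""
    return tuple((window[f] - baseline[f][0]) / (baseline[f][1] or 1.0)
                 for f in FEATURES)


def cosine(a, b):
    """Cosine similarity between two signatures; 0.0 if either is all zeros."""
    dot = sum(x * y for x, y in zip(a, b))
    na, nb = sqrt(sum(x * x for x in a)), sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


def reason(window, baseline, case_base, anomaly_z=3.0, min_similarity=0.8):
    """Step 1: anomaly detection. Step 2: CBR retrieval of the closest past case.

    A window with no feature beyond anomaly_z standard deviations is benign.
    An anomalous window whose best case scores below min_similarity is
    reported as unknown so an analyst can label it and retain() it.
    """
    z = zscores(window, baseline)
    if not any(abs(v) > anomaly_z for v in z):
        return Diagnosis(False, "benign", 0, "n/a", 1.0)
    best, best_sim = None, 0.0
    for case in case_base:
        sim = cosine(z, case.signature)
        if sim > best_sim:
            best, best_sim = case, sim
    if best is None or best_sim < min_similarity:
        # Severity 3 is an assumed placeholder until an analyst labels the event.
        return Diagnosis(True, "unknown", 3, "unknown", best_sim)
    return Diagnosis(True, best.nature, best.severity, best.source, best_sim)


def retain(window, baseline, case_base, nature, severity, source):
    """CBR 'retain' step: store an analyst-labelled window as a new case."""
    case_base.append(Case(nature, severity, source, zscores(window, baseline)))


# --- constructed sample data -------------------------------------------------
def window(flows, ports, hosts, mb, auth):
    return dict(zip(FEATURES, (flows, ports, hosts, mb, auth)))


BENIGN_HISTORY = [
    window(100, 5, 20, 50, 2), window(110, 6, 22, 55, 3), window(90, 4, 18, 45, 1),
    window(105, 5, 20, 50, 2), window(95, 6, 21, 52, 3), window(100, 5, 19, 48, 1),
    window(108, 4, 20, 51, 2), window(92, 5, 20, 49, 2),
]
BASELINE = build_baseline(BENIGN_HISTORY)

# Signatures are z-score vectors of earlier, already-diagnosed incidents.
CASE_BASE = [
    Case("port scan", 2, "internal host", (2.0, 20.0, 1.0, 0.0, 0.0)),
    Case("host sweep", 2, "internal host", (2.0, 0.0, 15.0, 0.0, 0.0)),
    Case("data exfiltration", 5, "compromised workstation", (0.5, 0.0, 0.0, 15.0, 0.0)),
    Case("credential brute force", 4, "external", (3.0, 0.0, 0.0, 0.0, 12.0)),
]

PORT_SCAN_WINDOW = window(115, 30, 21, 50, 2)   # many destination ports
QUIET_WINDOW = window(102, 5, 20, 51, 2)        # within the baseline
NOVEL_WINDOW = window(100, 5, 20, 80, 10)       # exfil and brute-force traits at once

if __name__ == "__main__":
    for name, w in (("scan", PORT_SCAN_WINDOW), ("quiet", QUIET_WINDOW), ("novel", NOVEL_WINDOW)):
        print(name, reason(w, BASELINE, CASE_BASE))
```

The point of the two-stage design is that the anomaly detector only decides whether a window deserves attention, while the case base supplies the nature, severity and source that a bare anomaly score cannot. The similarity floor is what keeps the reasoner honest: NOVEL_WINDOW is anomalous but resembles neither stored case well enough, so it is surfaced as unknown rather than forced into the nearest label.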

Original language: English (US)
Pages: 111-122
Number of pages: 12
State: Published - 2014
Event: 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014 - San Antonio, TX, United States
Duration: Mar 3 2014 to Mar 5 2014

Other

Other: 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014
Country/Territory: United States
City: San Antonio, TX
Period: 3/3/14 to 3/5/14

All Science Journal Classification (ASJC) codes

  • Software
