Combating advanced persistent threats: From network event correlation to incident detection

2015, Vol 48, pp. 35-57
Author(s): Ivo Friedberg, Florian Skopik, Giuseppe Settanni, Roman Fiedler
2007
Author(s): Maxwell G. Dondo, Peter Mason, Nathalie Japkowicz, Reuben Smith

2021, Vol 1 (3), pp. 387-421
Author(s): George Karantzas, Constantinos Patsakis

Advanced persistent threats pose a significant challenge for blue teams as they apply various attacks over prolonged periods, impeding event correlation and their detection. In this work, we leverage various diverse attack scenarios to assess the efficacy of EDRs in detecting and preventing APTs. Our results indicate that there is still a lot of room for improvement, as state-of-the-art EDRs fail to prevent and log the bulk of the attacks that are reported in this work. Additionally, we discuss methods to tamper with the telemetry providers of EDRs, allowing an adversary to perform a stealthier attack.


2006
Author(s): Maxwell G. Dondo, Nathalie Japkowicz, Reuben Smith
