Critical infrastructures in public administration can be compromised by Advanced Persistent Threats (APTs), which today constitute one of the most sophisticated ways of stealing information. This paper presents an effective, learning-based tool that uses inductive techniques to analyze the information provided by firewall log files in an IT infrastructure and to detect suspicious activity in order to flag it as a potential APT. The experiments were carried out by mixing real and synthetic traffic data to represent different proportions of normal and anomalous activity.
@article{bwmeta1.element.doi-10_1515_math-2017-0094,
  author   = {Juan Ram\'on Moya and Noem\'\i\ DeCastro-Garc\'\i a and Ram\'on-\'Angel Fern\'andez-D\'\i az and Jorge Lorenzana Tamargo},
  title    = {Expert knowledge and data analysis for detecting advanced persistent threats},
  journal  = {Open Mathematics},
  volume   = {15},
  year     = {2017},
  pages    = {1108--1122},
  language = {en},
  url      = {http://dml.mathdoc.fr/item/bwmeta1.element.doi-10_1515_math-2017-0094}
}
Juan Ramón Moya; Noemí DeCastro-García; Ramón-Ángel Fernández-Díaz; Jorge Lorenzana Tamargo. Expert knowledge and data analysis for detecting advanced persistent threats. Open Mathematics, Volume 15 (2017), pp. 1108-1122. http://gdmltest.u-ga.fr/item/bwmeta1.element.doi-10_1515_math-2017-0094/