Toward situational awareness in threat detection. A survey
The pervasiveness of the Internet did not come without security risk. The current threat landscape is characterized by the rise of sophisticated cyber attacks, which target user devices and corporate infrastructure. To tackle the risk of compromise, data‐driven detection strategies have become incre...
Published in: | WIREs. Forensic science 2022-07, Vol.4 (4), p.e1448-n/a |
---|---|
Main authors: | Rendall, Kieran ; Mylonas, Alexios ; Vidalis, Stilianos |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | n/a |
---|---|
container_issue | 4 |
container_start_page | e1448 |
container_title | WIREs. Forensic science |
container_volume | 4 |
creator | Rendall, Kieran ; Mylonas, Alexios ; Vidalis, Stilianos |
description | The pervasiveness of the Internet did not come without security risk. The current threat landscape is characterized by the rise of sophisticated cyber attacks, which target user devices and corporate infrastructure. To tackle the risk of compromise, data‐driven detection strategies have become increasingly mainstream. The relevant literature includes many works that leverage open‐source datasets, supervised learning or, less commonly, unsupervised learning. However, advanced network attacks' spatial and temporal characteristics prove standalone threat detection systems inadequate, especially for detecting a multi‐stage attack and often stealthy techniques. Moreover, attackers have been demonstrating adversarial effects that are caused by deception and contaminating data‐driven methods with adversarial learning. For these reasons, recent research in threat detection is moving away from commonly, and often obsolete, datasets as well as adopting more multi‐layered decision strategies. As such, this article provides a comprehensive review of decision strategies. We also examine their ability to support cyber situational awareness (CSA), providing to security analysts CSA properties such as situation assessment and system refinement.
This article is categorized under:
Digital and Multimedia Science > Cyber Threat Intelligence
Graphical shows the radial cycle of processes to achieve CSA in threat detection. |
doi_str_mv | 10.1002/wfs2.1448 |
format | Article |
fulltext | fulltext |
identifier | ISSN: 2573-9468 |
ispartof | WIREs. Forensic science, 2022-07, Vol.4 (4), p.e1448-n/a |
issn | 2573-9468 2573-9468 |
language | eng |
recordid | cdi_proquest_journals_2688937508 |
source | Access via Wiley Online Library |
subjects | cyber situational awareness ; Deception ; ensemble ; Infrastructure ; Intelligence ; intrusion detection ; Learning ; machine learning ; Multimedia ; multi‐layered ; Threats |
title | Toward situational awareness in threat detection. A survey |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-19T06%3A06%3A10IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Toward%20situational%20awareness%20in%20threat%20detection.%20A%20survey&rft.jtitle=WIREs.%20Forensic%20science&rft.au=Rendall,%20Kieran&rft.date=2022-07&rft.volume=4&rft.issue=4&rft.spage=e1448&rft.epage=n/a&rft.pages=e1448-n/a&rft.issn=2573-9468&rft.eissn=2573-9468&rft_id=info:doi/10.1002/wfs2.1448&rft_dat=%3Cproquest_cross%3E2688937508%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2688937508&rft_id=info:pmid/&rfr_iscdi=true |