Cyber indicators of compromise: a domain ontology for security information and event management
Rowell, Marsha D.
It has been said that cyber attackers attack at wire speed (very fast) while cyber defenders defend at human speed (very slow). Researchers have been working to reduce this asymmetry by automating a greater portion of what has traditionally been labor-intensive work: monitoring live system events to detect attacks, and reviewing historical system events to investigate them. One technology that helps automate this work is Security Information and Event Management (SIEM). In short, a SIEM aggregates log information and then sifts through it for event correlations that are highly indicative of attack activity; for example, a successful local logon by Administrator together with a concurrent successful remote logon by Administrator. Such correlations are sometimes referred to as indicators of compromise (IOCs). Although IOCs for network-based data (i.e., packet headers and payload) are fairly mature (e.g., Snort's large rule base), the field of end-device IOCs is still evolving and lacks a well-defined standard accepted by all. This report addresses ontological issues pertaining to the development of end-device IOCs, including what they are, how they are defined, and what dominant early standards already exist.
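The correlation the abstract uses as its illustration (a successful local Administrator logon concurrent with a successful remote Administrator logon) is the kind of end-device rule a SIEM evaluates over aggregated logs. The following is an added example, not code from the thesis: it parses a small set of constructed log lines in an invented `timestamp key=value ...` format, keeps only successful logons, and fires one alert per local/remote logon pair for the same account inside a configurable time window. It generalises the abstract's rule from Administrator to any account. The logon_type encoding (2 = Interactive, 3 = Network, 10 = RemoteInteractive) follows the Windows 4624 event; the host names, addresses, timestamps and the log format itself are assumptions of the example.

```python
"""Added example: a minimal SIEM-style correlation rule over constructed log lines.

Mirrors the indicator in the abstract (local logon plus a concurrent remote logon
for the same account), generalised to any user. The log format, hosts, addresses
and timestamps are constructed for this example; logon_type values follow the
Windows 4624 event (2 = Interactive, 3 = Network, 10 = RemoteInteractive).
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

LOCAL_LOGON_TYPES = {2}
REMOTE_LOGON_TYPES = {3, 10}


@dataclass(frozen=True)
class LogonEvent:
    ts: datetime
    user: str
    host: str
    logon_type: int
    src: str


@dataclass(frozen=True)
class Alert:
    user: str
    local: LogonEvent
    remote: LogonEvent


# Constructed sample log (not real data). EventID=4624 is a successful logon;
# the 4625 (failed logon) line must not contribute to the correlation.
SAMPLE_LOG = """\
2024-03-01T09:00:05Z EventID=4624 user=Administrator host=WS01 logon_type=2 src=127.0.0.1
2024-03-01T09:01:10Z EventID=4624 user=Administrator host=WS01 logon_type=10 src=10.0.0.55
2024-03-01T09:40:00Z EventID=4624 user=jsmith host=WS02 logon_type=2 src=127.0.0.1
2024-03-01T12:00:00Z EventID=4624 user=Administrator host=WS01 logon_type=3 src=10.0.0.7
2024-03-01T12:30:00Z EventID=4625 user=Administrator host=WS01 logon_type=10 src=10.0.0.9
"""


def parse_line(line: str) -> Optional[LogonEvent]:
    """Parse one 'timestamp key=value ...' line; return None unless it is a successful logon."""
    parts = line.split()
    if not parts:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if fields.get("EventID") != "4624":
        return None
    return LogonEvent(
        ts=datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ"),
        user=fields["user"],
        host=fields["host"],
        logon_type=int(fields["logon_type"]),
        src=fields["src"],
    )


def parse_log(text: str) -> List[LogonEvent]:
    """Aggregate step: turn raw log text into structured successful-logon events."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


def correlate_concurrent_logons(events: List[LogonEvent], window_seconds: int = 300) -> List[Alert]:
    """Correlation step: one Alert per (local, remote) successful-logon pair for the
    same account whose timestamps lie within window_seconds of each other."""
    by_user: Dict[str, List[LogonEvent]] = {}
    for e in events:
        by_user.setdefault(e.user, []).append(e)
    alerts: List[Alert] = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.ts)
        locals_ = [e for e in evs if e.logon_type in LOCAL_LOGON_TYPES]
        remotes = [e for e in evs if e.logon_type in REMOTE_LOGON_TYPES]
        for le in locals_:
            for re_ in remotes:
                if abs((re_.ts - le.ts).total_seconds()) <= window_seconds:
                    alerts.append(Alert(user, le, re_))
    return alerts


if __name__ == "__main__":
    for a in correlate_concurrent_logons(parse_log(SAMPLE_LOG)):
        print(f"IOC hit: {a.user} local on {a.local.host} at {a.local.ts}, "
              f"remote from {a.remote.src} at {a.remote.ts}")
```

With the default five-minute window only the 09:00/09:01 Administrator pair fires; the 12:00 network logon is hours away from any local logon, the failed 12:30 logon is dropped at parse time, and jsmith has no remote logon to pair with. Shrinking the window to 30 seconds yields no alert, which is the tuning knob a practitioner would expect to adjust per environment.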
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
Desouza, Kevin C.; Roy, Sumit; Lin, Yuan (2008-06); Taking an information-processing view of organizations, we address the need for building a robust set of performance measures for Edge Organizations (EOs). Alberts and Hayes in Power to the Edge: Command, Control in the ...
Valued information at the right time (VIRT) and the Navy's cooperative engagement capability (CEC) - a win/win proposition. Acevedo, Rafael A. (Monterey, California. Naval Postgraduate School, 2006-03); In this thesis I examine the theory of Valued Information at the Right Time (VIRT) and the benefits its implementation can provide to the Navy's best example of accurate information-sharing, the Cooperative Engagement ...
Reneker, Maxine; Jacobson, Ann; Wargo, Linda; Spink, Amanda (1999); The Naval Postgraduate School (NPS) is a military university educating officers from the United States and 40 foreign countries. To investigate the NPS information environment a large study obtained data on the range of ...