Eliciting and utilising knowledge for security event log analysis: An association rule mining and automated planning approach

Authors:

Highlights:

• Generating object-based models of Microsoft Windows event logs for analysis.

• Using temporal-association rule mining to generate chains of related events.

• Encoding chains of events into PDDL domain models for automated planning.

• Extracting action plan traces for vulnerable machines using the expert knowledge.

• Provisioning expert knowledge to non-experts with reasonable performance and accuracy.

Abstract:


Keywords: Security event logs, Association rule mining, Temporal ordering, Automated knowledge acquisition, Automated planning

Review history: Received 22 January 2018, Revised 4 June 2018, Accepted 2 July 2018, Available online 3 July 2018, Version of Record 8 July 2018.

Paper URL: https://doi.org/10.1016/j.eswa.2018.07.006