{"id":651,"date":"2022-11-28T22:21:22","date_gmt":"2022-11-28T22:21:22","guid":{"rendered":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/?p=651"},"modified":"2022-12-11T08:39:46","modified_gmt":"2022-12-11T08:39:46","slug":"threat-detection-and-analysis-using-large-graphs","status":"publish","type":"post","link":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/2022\/11\/28\/threat-detection-and-analysis-using-large-graphs\/","title":{"rendered":"Threat detection and analysis using large graphs"},"content":{"rendered":"

[et_pb_section fb_built=”1″ _builder_version=”4.16″ global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_row _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.18.0″ text_font=”|600|||||||” header_font=”|600|||||||” background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n

The project objective is to investigate current and new attack vectors using data from both the traditional security ecosystem and beyond the organization perimeter. Beyond the organization perimeter, there is a wide variety of Internet infrastructure data maintained by third parties and that is accessible through freeware or subscription-based web APIs and repositories, including DNS, WHOIS, BGP routing, IP geolocation, IP\/domains\u2019 blacklist, malware file connection, user\u2019s devices, and users\u2019 digital fingerprints\/footprints.\u00a0 A new graph model called activity and event network (AEN)<\/em> model has been developed to capture and analyze in real-time relevant data from the above sources for the purpose of detecting and analyzing long-term and stealth attacks in computing and Cyberphysical networks.\u00a0<\/span><\/p>\n

The AEN framework uses large dynamic uncertain graphs to model and observe an interrelated network of activities and events over a period and across a broad set of hosts and identify known and hidden attack patterns.<\/span><\/p>\n

\u00a0<\/span><\/p>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"

The project objective is to investigate current and new attack vectors using data from both the traditional security ecosystem and beyond the organization perimeter. Beyond the organization perimeter, there is a wide variety of Internet infrastructure data maintained by third parties and that is accessible through freeware or subscription-based web APIs and repositories, including DNS, […]<\/p>\n","protected":false},"author":17669,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"

The project objective is to investigate current and new attack vectors using data from both the traditional security ecosystem and beyond the organization perimeter. Beyond the organization perimeter, there is a wide variety of Internet infrastructure data maintained by third parties and that is accessible through freeware or subscription-based web APIs and repositories, including DNS, WHOIS, BGP routing, IP geolocation, IP\/domains\u2019 blacklist, malware file connection, user\u2019s devices, and users\u2019 digital fingerprints\/footprints.\u00a0 A new graph model called <\/span>activity and event network (AEN)<\/span><\/i> model has been developed to capture and analyze in real-time relevant data from the above sources for the purpose of detecting and analyzing long-term and stealth attacks in computing and Cyberphysical networks.\u00a0<\/span><\/p>

The AEN framework uses large dynamic uncertain graphs to model and observe an interrelated network of activities and events over a period and across a broad set of hosts and identify known and hidden attack patterns.<\/span><\/p>","_et_gb_content_width":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[15,14],"tags":[],"class_list":["post-651","post","type-post","status-publish","format-standard","hentry","category-current-projects","category-research"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/wp-json\/wp\/v2\/posts\/651","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/wp-json\/wp\/v2\/users\/17669"}],"replies":[{"embeddable":true,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/wp-json\/wp\/v2\/comments?post=651"}],"version-history":[{"count":7,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/wp-json\/wp\/v2\/posts\/651\/revisions"}],"predecessor-version":[{"id":1016,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/wp-json\/wp\/v2\/posts\/651\/revisions\/1016"}],"wp:attachment":[{"href":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/wp-json\/wp\/v2\/media?parent=651"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/wp-json\/wp\/v2\/categories?post=651"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/wp-json\/wp\/v2\/tags?post=651"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}