Other formats:
BibTeX
LaTeX
RIS
@inproceedings{46288, author = {Husák, Martin}, address = {San Antonio}, booktitle = {2021 IEEE International Conference on Intelligence and Security Informatics (ISI)}, doi = {http://dx.doi.org/10.1109/ISI53945.2021.9624774}, keywords = {ransomware;incident handling;lateral movement;recommender system}, howpublished = {elektronická verze "online"}, language = {eng}, location = {San Antonio}, isbn = {978-1-6654-3838-4}, pages = {1-6}, publisher = {IEEE}, title = {Towards a Data-Driven Recommender System for Handling Ransomware and Similar Incidents}, url = {https://ieeexplore.ieee.org/abstract/document/9624774}, year = {2021} }
TY - JOUR ID - 46288 AU - Husák, Martin PY - 2021 TI - Towards a Data-Driven Recommender System for Handling Ransomware and Similar Incidents PB - IEEE CY - San Antonio SN - 9781665438384 KW - ransomware;incident handling;lateral movement;recommender system UR - https://ieeexplore.ieee.org/abstract/document/9624774 N2 - Effective triage is of utmost importance for cybersecurity incident response, namely in handling ransomware or similar incidents in which the attacker may use self-propagating worms, infected files, or email attachments to spread malware. If a device is infected, it is vital to know which other devices can be infected too or are immediately threatened. The number and heterogeneity of devices in today's network complicate situational awareness of incident handlers, and, thus, we propose a recommender system that uses network monitoring data to prioritize devices in the network based on their similarity and proximity to an already infected device. The system enumerates devices in close proximity in terms of physical and logical network topology and sorts them by their similarity given by the similarity of their behavioral profile, fingerprint, or common history. The incident handlers can use the recommendation to promptly prevent malware from spreading or trace the attacker's lateral movement. ER -
HUSÁK, Martin. Towards a Data-Driven Recommender System for Handling Ransomware and Similar Incidents. Online. In \textit{2021 IEEE International Conference on Intelligence and Security Informatics (ISI)}. San Antonio: IEEE, 2021, p.~1-6. ISBN~978-1-6654-3838-4. Available from: https://dx.doi.org/10.1109/ISI53945.2021.9624774.
|