
Issue: Vol. 8, No. 4, November 2023
Issue Published: Nov 30, 2023

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Anomaly Detection Analysis with Graph-Based Cyber Threat Hunting Scheme

https://doi.org/10.22219/kinetik.v8i4.1773
Didit Hari Kuncoro Raharjo
Universitas Indonesia
Muhammad Salman
Universitas Indonesia

Corresponding Author(s): Didit Hari Kuncoro Raharjo (diditharikuncoro@gmail.com)

Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control, Vol. 8, No. 4, November 2023
Article Published : Nov 30, 2023


Abstract

As advanced persistent threats become more prevalent and cyber-attacks more severe, cyber defense analysts must exert greater effort to protect their systems. A continuous defense mechanism is needed to ensure that no incidents occur in the system; cyber threat hunting is one such mechanism. To demonstrate the importance of cyber threat hunting, this research simulated a cyber-attack that successfully entered the system but was not detected by the IDS, even though the IDS had relatively up-to-date rules. Based on the simulation results, this research designed a data correlation model, implemented as a graph visualization with on-demand enrichment features, to help analysts conduct cyber threat hunting and detect cyber-attacks through the graph. The data correlation model developed in this research closes this gap: attacks that the IDS originally did not detect at all (0%) become more than 45% detected, and can even be assessed as 100% detected based on the anomaly pattern that was found.
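As an added illustration, and not code from the paper (which does not publish its correlation model), the following Python sketch shows the kind of graph-based correlation the abstract describes: connection records are loaded into a directed host graph, two anomaly patterns that a signature IDS does not necessarily raise an alert on are hunted over the graph's edges, and enrichment is fetched only for the nodes that surface, mirroring the "on-demand" idea. The connection records, the enrichment table, the two patterns and the thresholds are all constructed assumptions for this example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed Zeek-style connection records: (timestamp_s, src_ip, dst_ip, dst_port).
# These are invented for the example and are not the paper's simulation data.
SAMPLE_CONN = [
    (0, "10.0.0.5", "203.0.113.9", 443), (60, "10.0.0.5", "203.0.113.9", 443),
    (121, "10.0.0.5", "203.0.113.9", 443), (180, "10.0.0.5", "203.0.113.9", 443),
    (241, "10.0.0.5", "203.0.113.9", 443), (300, "10.0.0.5", "203.0.113.9", 443),
    (12, "10.0.0.5", "10.0.0.2", 445), (13, "10.0.0.5", "10.0.0.3", 445),
    (14, "10.0.0.5", "10.0.0.4", 445), (15, "10.0.0.5", "10.0.0.6", 445),
    (16, "10.0.0.5", "10.0.0.7", 445),
    (5, "10.0.0.8", "198.51.100.20", 443), (900, "10.0.0.8", "198.51.100.20", 443),
    (3000, "10.0.0.8", "198.51.100.20", 443),
    (40, "10.0.0.9", "10.0.0.2", 445),
]

# Constructed enrichment table standing in for an asset inventory / threat-intel lookup.
ENRICHMENT = {
    "203.0.113.9": {"ti_tag": "constructed: reported C2 infrastructure"},
    "10.0.0.5": {"asset": "constructed: finance workstation"},
}


def build_graph(records):
    """Directed host graph: graph[src][dst] -> {"ts": [timestamps], "ports": {ports}}."""
    graph = defaultdict(lambda: defaultdict(lambda: {"ts": [], "ports": set()}))
    for ts, src, dst, port in records:
        graph[src][dst]["ts"].append(ts)
        graph[src][dst]["ports"].add(port)
    return graph


def find_beacons(graph, min_connections=5, max_cv=0.1):
    """Edges with regular inter-arrival times (coefficient of variation <= max_cv).

    A host calling the same destination on a fixed timer is a classic beaconing
    pattern: a signature IDS sees ordinary TLS sessions, the graph sees the rhythm.
    """
    hits = []
    for src, dsts in graph.items():
        for dst, edge in dsts.items():
            ts = sorted(edge["ts"])
            if len(ts) < min_connections:
                continue
            gaps = [b - a for a, b in zip(ts, ts[1:])]
            avg = float(mean(gaps))
            if avg > 0 and pstdev(gaps) / avg <= max_cv:
                hits.append((src, dst, round(avg, 1)))
    return hits


def find_fanout(graph, port, min_targets=4):
    """Sources reaching many distinct hosts on one port (lateral-movement style fan-out)."""
    hits = []
    for src, dsts in graph.items():
        targets = [dst for dst, edge in dsts.items() if port in edge["ports"]]
        if len(targets) >= min_targets:
            hits.append((src, port, len(targets)))
    return hits


def enrich(node):
    """On-demand enrichment: queried only for nodes the analyst pivots on, never for all."""
    return ENRICHMENT.get(node, {})


def hunt(records, fanout_port=445):
    """Build the graph, run both hunts, and enrich only the nodes that surfaced."""
    graph = build_graph(records)
    beacons = find_beacons(graph)
    fanout = find_fanout(graph, fanout_port)
    flagged = {n for b in beacons for n in b[:2]} | {f[0] for f in fanout}
    return {
        "beacons": beacons,
        "fanout": fanout,
        "enrichment": {n: enrich(n) for n in sorted(flagged) if enrich(n)},
    }


if __name__ == "__main__":
    for kind, items in hunt(SAMPLE_CONN).items():
        print(kind, items)
```

On the constructed records the beacon hunt flags 10.0.0.5 talking to 203.0.113.9 every 60 seconds and the fan-out hunt flags the same host touching five internal machines on port 445; only those two nodes are enriched. In a real hunt the thresholds would be tuned to the environment's baseline, and the enrichment lookup would be a query to the asset inventory or intelligence platform rather than a dictionary.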

Keywords

Cyber Threat Hunting, Cyber Attack Detection, Graph Visualization
Cite

Raharjo, D. H. K., & Salman, M. (2023). Anomaly Detection Analysis with Graph-Based Cyber Threat Hunting Scheme. Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control, 8(4). https://doi.org/10.22219/kinetik.v8i4.1773



KINETIK: Game Technology, Information System, Computer Network, Computing, Electronics, and Control
eISSN: 2503-2267
pISSN: 2503-2259

