Dynamically Modelling Heterogeneous Higher-Order Interactions for Malicious Behavior Detection in Event Logs. (arXiv:2103.15708v2 [cs.CR] UPDATED)
cs.CR updates on arXiv.org arxiv.org
Anomaly detection in event logs is a promising approach for intrusion
detection in enterprise networks. By building a statistical model of usual
activity, it aims to detect multiple kinds of malicious behavior, including
stealthy tactics, techniques and procedures (TTPs) designed to evade
signature-based detection systems. However, finding suitable anomaly detection
methods for event logs remains an important challenge. This results from the
very complex, multi-faceted nature of the data: event logs are not only
combinatorial, but also temporal and heterogeneous …