Speculating incident zone system on local area networks


Abstract

The triage process in incident handling lacks the ability to assess the overall risks posed by modern cyber attacks. In response to such risks, zoning local area networks by measuring internal network traffic is important. Therefore, we propose the SPeculating INcident Zone (SPINZ) system to support the triage process. SPINZ analyzes internal network flows and outputs an incident zone, which is composed of the devices related to the incident. We evaluate the performance of SPINZ through simulations using incident flow datasets generated from internal traffic open data and lateral movement traffic. As a result, we confirm that SPINZ is capable of detecting an incident zone, but removing unrelated devices from an incident zone is an issue to be investigated further.

Cite

Hasumi, D., Shima, S., & Takakura, H. (2018). Speculating incident zone system on local area networks. In WTMC 2018 - Proceedings of the 2018 Workshop on Traffic Measurements for Cybersecurity, Part of SIGCOMM 2018 (pp. 40–45). Association for Computing Machinery. https://doi.org/10.1145/3229598.3229603
