Asset risk scoring in enterprise network with mutually reinforced reputation propagation

Xin Hu, Ting Wang, Marc Ph Stoecklin, Douglas L. Schales, Jiyong Jang, Reiner Sailer

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

Cyber security attacks are becoming ever more frequent and sophisticated. Enterprises often deploy several security protection mechanisms, such as anti-virus software, intrusion detection prevention systems, and firewalls, to protect their critical assets against emerging threats. Unfortunately, these protection systems are typically 'noisy', e.g., regularly generating thousands of alerts every day. Plagued by false positives and irrelevant events, it is often neither practical nor cost-effective to analyze and respond to every single alert. The main challenge faced by enterprises is to extract important information from the plethora of alerts and to infer potential risks to their critical assets. A better understanding of risks will facilitate effective resource allocation and prioritization of further investigation. In this paper, we present MUSE, a system that analyzes a large number of alerts and derives risk scores by correlating diverse entities in an enterprise network. Instead of considering a risk as an isolated and static property, MUSE models the dynamics of a risk based on the mutual reinforcement principle. We evaluate MUSE with real-world network traces and alerts from a large enterprise network, and demonstrate its efficacy in risk assessment and flexibility in incorporating a wide variety of data sets.

Original language: English (US)
Title of host publication: Proceedings - 2014 IEEE Security and Privacy Workshops, SPW 2014
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 61-64
Number of pages: 4
ISBN (Electronic): 9781479951031
DOIs: https://doi.org/10.1109/SPW.2014.18
State: Published - Nov 13 2014
Event: 2014 IEEE Computer Society's Security and Privacy Workshops, SPW 2014 - San Jose, United States
Duration: May 17 2014 to May 18 2014

Publication series

Name: Proceedings - IEEE Symposium on Security and Privacy
Volume: 2014-January
ISSN (Print): 1081-6011

Conference

Conference: 2014 IEEE Computer Society's Security and Privacy Workshops, SPW 2014
Country: United States
City: San Jose
Period: 5/17/14 to 5/18/14

Fingerprint

Industry
Computer viruses
Computer system firewalls
Intrusion detection
Risk assessment
Resource allocation
Reinforcement
Computer systems
Costs

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Software
  • Computer Networks and Communications

Cite this

Hu, X., Wang, T., Stoecklin, M. P., Schales, D. L., Jang, J., & Sailer, R. (2014). Asset risk scoring in enterprise network with mutually reinforced reputation propagation. In Proceedings - 2014 IEEE Security and Privacy Workshops, SPW 2014 (pp. 61-64). [6957286] (Proceedings - IEEE Symposium on Security and Privacy; Vol. 2014-January). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/SPW.2014.18