Cloud forensics solutions, on the rise, favor preventive mechanisms with the introduction of intelligent and proactive ones to keep pace with an increasing number of events occurring every moment. Most existing methods for preventive mechanisms rely on static rule-based or signature-based mechanisms that are not adaptive to emerging threats. Conventional Security Information and Event Management (SIEM) systems gather security data from all available sources but encourage alert fatigue by excessive false positives and failure to prioritize security events according to dynamic risk scenarios. Unable, too, to use existing predictive threat intelligence, most forensic frameworks prevent timely and efficient redress against sophisticated multi-step cyberattacks. To counter those identified limitations, this research presents a Recommendation-Based Cloud Forensics Framework for Pre-Emptive Detection of Security Events. This framework introduces five novel and capable aids to enhance the real-time detection, alerting, and decision-making processes with respect to threats. The first is Context-Aware Security Event Prioritization Engine (CAPE), which applies fuzzy logic-based adaptive risk assessment to a reduction in false positives and with higher attention to critical threats. The second one is Adaptive Graph-Based Threat Correlation Model (AGTC), which can dynamically cluster related security events by utilizing graph neural networks (GNNs) and contrastive learning to achieve time reduction in attack correlation. Bayesian Pre-Emptive Attack Predictor (BPAP) works on the basis of applying Bayesian inference to predict the possible future steps of an attack to decrease in response timestamp.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Design of an Improved Model for Recommendation-Based Cloud Forensics Using Adaptive Threat Correlation and Pre-Emptive Attack Predictions

  • Kavita A. Kathane,
  • Virendra K. Sharma

摘要

Cloud forensics solutions, on the rise, favor preventive mechanisms with the introduction of intelligent and proactive ones to keep pace with an increasing number of events occurring every moment. Most existing methods for preventive mechanisms rely on static rule-based or signature-based mechanisms that are not adaptive to emerging threats. Conventional Security Information and Event Management (SIEM) systems gather security data from all available sources but encourage alert fatigue by excessive false positives and failure to prioritize security events according to dynamic risk scenarios. Unable, too, to use existing predictive threat intelligence, most forensic frameworks prevent timely and efficient redress against sophisticated multi-step cyberattacks. To counter those identified limitations, this research presents a Recommendation-Based Cloud Forensics Framework for Pre-Emptive Detection of Security Events. This framework introduces five novel and capable aids to enhance the real-time detection, alerting, and decision-making processes with respect to threats. The first is Context-Aware Security Event Prioritization Engine (CAPE), which applies fuzzy logic-based adaptive risk assessment to a reduction in false positives and with higher attention to critical threats. The second one is Adaptive Graph-Based Threat Correlation Model (AGTC), which can dynamically cluster related security events by utilizing graph neural networks (GNNs) and contrastive learning to achieve time reduction in attack correlation. Bayesian Pre-Emptive Attack Predictor (BPAP) works on the basis of applying Bayesian inference to predict the possible future steps of an attack to decrease in response timestamp.