Data mining for security breach analysis

用于安全漏洞分析的数据挖掘

• 批准号: RGPIN-2018-06743
• 负责人: Yuan, Yufei
• 金额: $ 2.04万
• 依托单位: McMaster University
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2019
• 资助国家: 加拿大
• 起止时间: 2019-01-01 至 2020-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=682206
• 关键词: Data; mining; security; breach; analysis

A data security breach occurs when there is a loss or theft of, or other unauthorized access to, sensitive information that could result in the potential compromise of the confidentiality or integrity of data. It is important to protect affected parties and to learn useful lessons from such incidents. The objective of this research is to apply grounded theory approach and text mining technology to extract meaningful evidence from security breach reports in order to identify the causes of security breach and to analyze the organizations' incident discovery and response behaviors.*******General (long-term) objectives:****1. To develop innovative data mining approach for security breach analysis.****2. To explore and identify various situations and factors that lead to security breaches and the ways to overcome security vulnerabilities.****3. To analyze organizations' security breach investigation and response processes and identify the problems of security incident response management.******Specific (short term) objectives:****1. Build security breach analysis ontology. Using grounded theory approach (Birks, 2013) to identify what are the key aspects and dimensions related to security breach should be studied, such as the time, the type, the cause, the consequence, the detection, and the response of security breaches, and organize them as the ontology for information extraction.****2. Apply and enhance ontology-based information extraction (OBIE) method (Wimalasuriya, 2010) to automatically extract information from security breach reports such as the nature of the breach, threat agents responsible for the breach, types of vulnerabilities exposed, means of investigation, and actions for post-breach remediations. The OBIE performance will be evaluated for further improvement.****3. Explore and identify situations and known/unknown factors that lead to security breaches using data mining approach such as clustering, association, and classification. A causal security breach model to explain such as the chance and choice of security threat (Ransbotham ndel et al. 2014) and identify the factors that affect the efficiencies and effectiveness of incident response management.******This study is expected to enhance our ability to use text mining technology to dynamically discover important, especially previously unknown, situations and causes of security breaches in a rapidly changing cyber security environment. It addresses the research gap in security incident response and develops new threat intelligence and response theories based on knowledge discovery from real data. The project will provide research training opportunities for high-quality personnel in the fields of data analytics and cyber security.*********

当敏感信息丢失或被盗，或对敏感信息的其他未经授权的访问可能导致数据的机密性或完整性受到潜在危害时，就会发生数据安全漏洞。重要的是要保护受影响的各方，并从这类事件中吸取有益的教训。本研究的目标是应用扎根理论方法和文本挖掘技术从安全漏洞报告中提取有意义的证据，以识别安全漏洞的原因并分析组织的事件发现和响应行为。总体(长期)目标：*1.开发创新的数据挖掘方法用于安全漏洞分析。*2.探索和识别导致安全漏洞的各种情况和因素以及克服安全漏洞的方法。*3.分析组织的安全漏洞调查和响应流程和方法识别安全事件响应管理存在的问题。*具体(短期)目标：*1.构建安全漏洞分析本体。使用扎根理论方法(Birks，2013)识别与安全漏洞相关的关键方面和维度，如安全漏洞的时间、类型、原因、后果、检测和响应，并将其组织为信息提取的本体。*2.应用并增强基于本体的信息提取(Obie，Obie)方法(Wimalasuriya，2010)，从安全漏洞报告中自动提取信息，如漏洞的性质、对漏洞负责的威胁代理、暴露的漏洞类型、调查手段和漏洞后补救行动。将对Obie性能进行评估以进一步改进。*3.使用数据挖掘方法，如聚类、关联和分类，探索和识别导致安全漏洞的情况和已知/未知因素。一个解释安全威胁的机会和选择的因果安全漏洞模型(Ransbotham ndel et al.*这项研究有望增强我们利用文本挖掘技术在快速变化的网络安全环境中动态发现重要的、特别是以前未知的安全漏洞的情况和原因的能力。它弥补了安全事件响应方面的研究空白，发展了基于真实数据知识发现的新的威胁情报和响应理论。该项目将为数据分析和网络安全领域的高素质人员提供研究培训机会。