Data mining for security breach analysis

用于安全漏洞分析的数据挖掘

• 批准号: RGPIN-2018-06743
• 负责人: Yuan, Yufei
• 金额: $ 4.08万
• 依托单位: McMaster University
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2022
• 资助国家: 加拿大
• 起止时间: 2022-01-01 至 2023-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=746445
• 关键词: Data; mining; security; breach; analysis

A data security breach occurs when there is a loss or theft of, or other unauthorized access to, sensitive information that could result in the potential compromise of the confidentiality or integrity of data. It is important to protect affected parties and to learn useful lessons from such incidents. The objective of this research is to apply grounded theory approach and text mining technology to extract meaningful evidence from security breach reports in order to identify the causes of security breach and to analyze the organizations' incident discovery and response behaviors.General (long-term) objectives:1. To develop innovative data mining approach for security breach analysis.2. To explore and identify various situations and factors that lead to security breaches and the ways to overcome security vulnerabilities.3. To analyze organizations' security breach investigation and response processes and identify the problems of security incident response management.Specific (short term) objectives:1. Build security breach analysis ontology. Using grounded theory approach (Birks, 2013) to identify what are the key aspects and dimensions related to security breach should be studied, such as the time, the type, the cause, the consequence, the detection, and the response of security breaches, and organize them as the ontology for information extraction.2. Apply and enhance ontology-based information extraction (OBIE) method (Wimalasuriya, 2010) to automatically extract information from security breach reports such as the nature of the breach, threat agents responsible for the breach, types of vulnerabilities exposed, means of investigation, and actions for post-breach remediations. The OBIE performance will be evaluated for further improvement.3. Explore and identify situations and known/unknown factors that lead to security breaches using data mining approach such as clustering, association, and classification. A causal security breach model to explain such as the chance and choice of security threat (Ransbotham ndel et al. 2014) and identify the factors that affect the efficiencies and effectiveness of incident response management.This study is expected to enhance our ability to use text mining technology to dynamically discover important, especially previously unknown, situations and causes of security breaches in a rapidly changing cyber security environment. It addresses the research gap in security incident response and develops new threat intelligence and response theories based on knowledge discovery from real data. The project will provide research training opportunities for high-quality personnel in the fields of data analytics and cyber security.

当敏感信息丢失或被盗或以其他方式未经授权访问可能导致数据机密性或完整性受到潜在损害时，即发生数据安全漏洞。必须保护受影响各方，并从此类事件中吸取有益的教训。 本研究的目的是应用扎根理论方法和文本挖掘技术从安全漏洞报告中提取有意义的证据，以识别安全漏洞的原因，并分析组织的事件发现和响应行为。开发创新的数据挖掘方法用于安全漏洞分析.探讨和识别导致安全漏洞的各种情况和因素，以及克服安全漏洞的方法。分析机构的保安事故调查及应变程序，找出保安事故应变管理的问题。具体（短期）目标：1。构建安全漏洞分析本体。利用扎根理论方法（Birks，2013）识别出与安全漏洞相关的需要研究的关键方面和维度，如安全漏洞的时间、类型、原因、后果、检测和响应，并将其组织为本体进行信息提取.应用并增强基于本体的信息提取（OBIE）方法（Wimalasuriya，2010），以自动从安全漏洞报告中提取信息，例如漏洞的性质、对漏洞负责的威胁代理、暴露的漏洞类型、调查手段以及违规后补救措施。 OBIE的绩效将被评估以进一步改进。使用数据挖掘方法（如聚类、关联和分类）探索和识别导致安全漏洞的情况和已知/未知因素。一个因果安全漏洞模型来解释诸如安全威胁的机会和选择（Ransbotham ndel et al.2014），并确定影响事件响应管理效率和有效性的因素，这项研究有望增强我们使用文本挖掘技术动态发现重要的，尤其是以前未知的在快速变化的网络安全环境中，安全漏洞的情况和原因。它解决了安全事件响应方面的研究空白，并基于从真实的数据中发现知识，开发了新的威胁情报和响应理论。该项目将为数据分析和网络安全领域的高素质人员提供研究培训机会。