
An Explainable Intelligence Model for Security Event Analysis

Conference paper
AI 2019: Advances in Artificial Intelligence (AI 2019)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 11919)

Abstract

Huge volumes of events are logged by monitoring systems. Analysts do not audit or trace the log files, which record the most significant events, until an incident occurs. Human analysis is a tedious and inaccurate task given the vast volume of log files that are stored in a “machine-friendly” format. The analysts have to derive the context of an incident using prior knowledge to find the events relevant to the incident and recognise why it has happened. Although security tools that provide visualization techniques and minimize human interaction have been developed to make the analysis process easier, far too little attention has been paid to interpreting security incidents in a “human-friendly” format. Besides, the current detection patterns and rules are not mature enough to recognize early breaches that have not yet caused any damage. In this paper, we present an Explainable AI model that assists the analysts’ judgement in inferring what has happened from the security event logs. The proposed Explainable AI model includes storytelling as a novel knowledge representation model to present the sequence of events that are automatically discovered from the log file. For the automated discovery of sequential events, an Apriori-like algorithm that mines temporal patterns is used. This effort focuses on security events to convey both short-lived and long-lived activities. The experimental results demonstrate the potential and advantages of the proposed Explainable AI model on security logs, validated on the activities recorded during security configuration compliance on a Windows system.
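As an added illustration of the approach the abstract describes (example code, not the paper's own), the following Python mines frequent sets of Windows Security log Event IDs with Apriori-style join-and-prune candidate generation over fixed time windows, then narrates the largest frequent pattern in the order its events first appear in the log; the sample records, the window width and the support threshold are constructed assumptions.

```python
# Added example (not the paper's code): Apriori-like mining of temporal patterns
# over constructed Windows Security log records, then rendering the largest
# frequent pattern as a human-readable event "story".
from collections import Counter
from itertools import combinations

# Event ID meanings are those of the Windows Security log; the records below are
# constructed: (minutes since start of capture, Event ID).
NAMES = {4624: "account logged on", 4672: "special privileges assigned",
         4719: "system audit policy was changed", 4688: "new process created",
         4634: "account logged off"}
RECORDS = [(0, 4624), (1, 4672), (2, 4719), (3, 4688), (4, 4634),
           (30, 4624), (31, 4672), (33, 4719), (35, 4634),
           (60, 4624), (61, 4672), (62, 4719), (64, 4688),
           (90, 4624), (95, 4634)]

def windows(records, width):
    """Split records into fixed-width time windows (the 'transactions')."""
    buckets = {}
    for t, eid in records:
        buckets.setdefault(t // width, []).append((t, eid))
    return [[eid for _, eid in sorted(b)] for _, b in sorted(buckets.items())]

def apriori(transactions, min_support):
    """Return {frequent itemset: support} via Apriori join-and-prune candidate generation."""
    sets = [frozenset(tx) for tx in transactions]
    frequent, k = {}, 1
    current = {frozenset([e]) for tx in sets for e in tx}
    while current:
        counts = Counter(c for c in current for tx in sets if c <= tx)
        level = {c: n for c, n in counts.items() if n >= min_support}
        frequent.update(level)
        # Join frequent k-sets into (k+1)-candidates; prune any with an infrequent k-subset
        current = {a | b for a, b in combinations(level, 2) if len(a | b) == k + 1
                   and all(frozenset(s) in level for s in combinations(a | b, k))}
        k += 1
    return frequent

def story(records, width=10, min_support=3):
    """Narrate the largest frequent pattern in the order its events first appear in the log."""
    freq = apriori(windows(records, width), min_support)
    if not freq:
        return [], "no frequent pattern"
    best = max(freq, key=lambda s: (len(s), freq[s]))
    first_seen = {}
    for t, eid in sorted(records):
        first_seen.setdefault(eid, t)
    ordered = sorted(best, key=first_seen.get)
    return ordered, " -> ".join(NAMES[e] for e in ordered)
```

With the constructed records, the logon / special-privileges / audit-policy-change triple recurs in three of four windows while process creation does not reach the threshold, so it is dropped at the first Apriori level.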


Notes

  1. Amazon Web Server.

  2. Security Compliance Toolkit (SCT) is a set of tools that allows enterprise security administrators to download, analyze, test, edit, and store Microsoft-recommended security configuration baselines for Windows and other Microsoft products.


Author information

Corresponding author

Correspondence to Neda AfzaliSeresht.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

AfzaliSeresht, N., Liu, Q., Miao, Y. (2019). An Explainable Intelligence Model for Security Event Analysis. In: Liu, J., Bailey, J. (eds) AI 2019: Advances in Artificial Intelligence. AI 2019. Lecture Notes in Computer Science, vol. 11919. Springer, Cham. https://doi.org/10.1007/978-3-030-35288-2_26


  • DOI: https://doi.org/10.1007/978-3-030-35288-2_26

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-35287-5

  • Online ISBN: 978-3-030-35288-2

  • eBook Packages: Computer Science (R0)
