Research field: Strategies
Conference: 2023 Third International Conference on Secure Cyber Computing and Communication (ICSCCC)
Cyber threats are growing and almost everyone is being impacted. In cyberspace, a large number of systems run as standalone machines or as small network segments with limited users. These systems are not equipped with adequate network-level security monitoring solutions, and implementing such solutions may also be costly. Further, on a standalone system, security is provided by endpoint security such as antivirus, which usually relies on signature-based detection methods. As the capabilities of threat actors increase, they often bypass detection, lure victims, and maintain persistence for extended periods of time. The latest Indian cyber security regulation emphasizes that enabling different kinds of logs may play a vital role in cyber security defense and incident response. We propose the model of an End System URLs Log (ESUL) analyzer for URL-based threats present in standalone systems. The model continuously analyzes the user's browser history logs of the End System (ES) and announces the list of malicious URLs, if visited previously, based on a received adversarial list. This early threat identification from log data will help end users to learn about threats, perform incident response, and minimize their impact. It also assists users with relevant advisories and best practices. The model is simulated using a phishing database library, and the results describe its efficacy.
| Publication year | 2023 |
|---|---|
| Citations | 33 |
| Country of publication | India |
| Site | IEEE |
| Likes | 0 |