Seth Hasings (University of Tulsa)

Security Operations Centers (SOCs) receive thousands of security alerts each day, and analysts are responsible for evaluating each alert and initiating corrective action when necessary. Many of these alerts require consulting user authentication logs, which are notoriously messy and designed for machine use rather than human interpretability. We apply a novel methodology for processing raw logs into interpretable user authentication events in a university SOC dashboard tool. We review steps for data processing and describe views designed for analysts. To illustrate its value, we utilized the dashboard on a 90-day sample of alert logs from a university SOC. We present two representative alerts from the sample as case studies to motivate and demonstrate the generalized workflows. We show that enhanced data from the dashboard could be utilized to completely investigate over 84% of alerts in the sample without additional context or tools, and a further 13% could be partially investigated.

View More Papers

“Do We Call Them That? Absolutely Not.”: Juxtaposing the...

Alexandra Klymenko (Technical University of Munich), Stephen Meisenbacher (Technical University of Munich), Luca Favaro (Technical University of Munich), and Florian Matthes (Technical University of Munich)

Read More

The Midas Touch: Triggering the Capability of LLMs for...

Yi Yang (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Jinghua Liu (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Kai Chen (Institute of Information Engineering, Chinese Academy of…

Read More

SCAMMAGNIFIER: Piercing the Veil of Fraudulent Shopping Website Campaigns

Marzieh Bitaab (Arizona State University), Alireza Karimi (Arizona State University), Zhuoer Lyu (Arizona State University), Adam Oest (Amazon), Dhruv Kuchhal (Amazon), Muhammad Saad (X Corp.), Gail-Joon Ahn (Arizona State University), Ruoyu Wang (Arizona State University), Tiffany Bao (Arizona State University), Yan Shoshitaishvili (Arizona State University), Adam Doupé (Arizona State University)

Read More

Diffence: Fencing Membership Privacy With Diffusion Models

Yuefeng Peng (University of Massachusetts Amherst), Ali Naseh (University of Massachusetts Amherst), Amir Houmansadr (University of Massachusetts Amherst)

Read More