Comprehensive Security Framework for Global Threats Analysis

Information modeling and behavioral analysis are new solutions to cyber criminality activities within the information society. Presents a framework detailing steps for monitoring an information society. Experiment results show that modeling reduces cyber criminal events by 91%, showing that the User Behavioral Analysis is an effective way of detecting more than 80% of legitimate attack scenarios. The analysis server component is hierarchical and its distributive agents share two functionalities: a collector function to gather information on monitored components and a homogenization function that standardizes collected information. Event modeling considers action theory and event semantics (intention, movement, target, and gain). The attacker strategy considers following functions: recon, authentication, authorization, system intention, activity, config, attack, malware, suspicious, vulnerability, and information. Behavioral analysis approach considers model method selection, anomaly detection, event selection, and anomaly evaluation.