[1] John Caimano, Kerry Matre. Your Metrics Suck! 5 Sec-Ops Metrics That Are Better Than MTTR[EB/OL]. (2020-06-23). [2021-06-12]. https://www.rsaconference.com/Library/presentation/USA/2021/your-metrics-suck-5-secops-metrics-that-are-better-than-mttr.

[2] Gartner. Hype Cycle for Security Operations, 2020[EB/OL]. (2020-06-23). [2021-06-12]. https://www.gartner.com/en/documents/3986721/hype-cycle-for-security-operations-2020.

[3] Greg Young. The Skeptic's Guide to Using XDR to Get Zero Trust[EB/OL]. (2021-05-19). [2021-06-12]. https://www.rsaconference.com/library/Presentation/USA/2021/the-skeptics-guide-to-using-xdr-to-get-zero-trust.

[4] Alsaheel A, Nan Y, Ma S, et al. ATLAS: A Sequence-based Learning Approach for Attack Investigation[C]. 30th USENIX Security Symposium (USENIX Security 21), 2021.

[5] OASIS. Introduction to STIX[EB/OL]. (2021-05-20). [2021-06-12]. https://oasis-open.github.io/cti-documentation/stix/intro.html.

[6] The MITRE Corporation. Malware Attribute Enumeration and Characterization[EB/OL]. (2017-10-09). [2021-06-12]. https://oasis-open.github.io/cti-documentation/stix/intro.html.

[7] The MITRE Corporation. ATT&CK[EB/OL]. (2017-05-17). [2021-06-12]. https://attack.mitre.org/.

[8] The Open Cybersecurity Alliance. opencybersecurityalliance/kestrel-lang[EB/OL]. (2017-05-19). [2021-06-12]. https://github.com/IBM/kestrel-lang.

[9] Endgame. endgameinc/eql[EB/OL]. (2019-11-02). [2021-06-12]. https://github.com/endgameinc/eql.

[10] Noel S, Harley E, Tam K H, et al. CyGraph: graph-based analytics and visualization for cybersecurity[M]. Handbook of Statistics. Elsevier, 2016: 117-167.

[11] Shu X, Araujo F, Schales D L, et al. Threat Intelligence Computing[C]. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018: 1883-1898.

[12] Sigma. SigmaHQ/sigma[EB/OL]. (2019-01-10). [2021-06-12]. https://github.com/SigmaHQ/sigma.

[13] Flink. FlinkCEP - Complex event processing for Flink[EB/OL]. (2019-05-03). [2021-06-12]. https://ci.apache.org/projects/flink/flink-docs-stable/dev/libs/cep.html.

[14] Gao P, Shao F, Liu X, et al. Enabling Efficient Cyber Threat Hunting With Cyber Threat Intelligence[J]. arXiv preprint arXiv:2010.13637, 2020.

[15] Gao P, Xiao X, Li D, et al. SAQL: A stream-based query system for real-time abnormal system behavior detection[C]. 27th USENIX Security Symposium (USENIX Security 18), 2018: 639-656.

[16] Gao P, Xiao X, Li Z, et al. AIQL: Enabling efficient attack investigation from system monitoring data[C]. 2018 USENIX Annual Technical Conference (USENIX ATC 18), 2018: 113-126.