Table 8 Event abstraction levels

From: Big knowledge-based semantic correlation for detecting slow and low-level advanced persistent threats

| Abstraction level | Abstraction rules | Average event reduction rate | Average impact on detecting very slow attacks | Average impact on detecting slow attacks |
|---|---|---|---|---|
| \(L_0\) | No abstraction | 0 % | 0 % | 0 % |
| \(L_1\) | \(R_1A\) | 12 % | +2.8 % | 0 % |
| \(L_2\) | \(L_1 \wedge R_1S\) | 7 % | +0.12 % | 0 % |
| \(L_3\) | \(L_2 \wedge R_1O\) | 11 % | +1.5 % | −0.9 % |
| \(L_4\) | \(L_3 \wedge R_2S\) | 18 % | +3.24 % | 0 % |
| \(L_5\) | \(L_4 \wedge R_3S\) | 47 % | −1.11 % | −6.8 % |
| \(L_6\) | \(L_5 \wedge R_4S\) | 51 % | −4.3 % | −12.12 % |