A Better Infected Hosts Detection Combining Ensemble Learning and Threat Intelligence
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F19%3A00348181" target="_blank" >RIV/68407700:21230/19:00348181 - isvavai.cz</a>
Result on the web
<a href="https://doi.org/10.1007/978-3-030-48325-8_23" target="_blank" >https://doi.org/10.1007/978-3-030-48325-8_23</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1007/978-3-030-48325-8_23" target="_blank" >10.1007/978-3-030-48325-8_23</a>
Alternative languages
Result language
English
Original language name
A Better Infected Hosts Detection Combining Ensemble Learning and Threat Intelligence
Original language description
Ensemble learning techniques have been successfully proposed and used to improve threat detection in cybersecurity. These techniques usually improve detection results by combining algorithms that together make fewer errors. However, no ensemble learning algorithm has yet been used to classify network flows when several methods each give an individual detection for the same flow. The state of the art in the use of ensemble learning techniques was analyzed to find an alternative to current intrusion detection mechanisms. This research proposes to incorporate ensemble learning into the Stratosphere Linux IPS (SLIPS), a behavioral-based intrusion detection and prevention system that uses machine learning algorithms to detect malicious behaviors. Our ensembling method is used to obtain better results by taking advantage of the benefits of SLIPS' classifiers and modules. A contribution of our method is to extend the ensembling techniques by considering Threat Intelligence blacklist feeds as part of the detections. We present the results of the first stage of this project, i.e. ensemble learning algorithms to classify individual flows when they have multiple labels. We also present the results corresponding to the second stage of our project, i.e. the detection of groups of flows going to the same destination IP.
Czech name
—
Czech description
—
Classification
Type
D - Article in proceedings
CEP classification
—
OECD FORD branch
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result continuities
Project
—
Continuities
I - Institutional support for the long-term conceptual development of a research organisation
Others
Publication year
2019
Confidentiality
S - Complete and truthful data on the project are not subject to protection under special legal regulations
Data specific for result type
Article name in the collection
CACIC 2019: 25th Argentine Congress of Computer Science
ISBN
978-3-030-48324-1
ISSN
1865-0929
e-ISSN
—
Number of pages
12
Pages from-to
354-365
Publisher name
Springer
Place of publication
Cham
Event location
Rio Cuarto
Event date
Oct 14, 2019
Type of event by nationality
WRD - Worldwide event
UT code for WoS article
—