Deep learning for predictive alerting and cyber-attack mitigation

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F23%3APU149370" target="_blank" >RIV/00216305:26230/23:PU149370 - isvavai.cz</a>

Výsledek na webu

<a href="https://www.fit.vut.cz/research/publication/12926/" target="_blank" >https://www.fit.vut.cz/research/publication/12926/</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/CCWC57344.2023.10099209" target="_blank" >10.1109/CCWC57344.2023.10099209</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Deep learning for predictive alerting and cyber-attack mitigation

Popis výsledku v původním jazyce

The successful security management of ICT systems and services is essential for an effective cyber security posture. The main objective is to minimize and control the damage caused by cyber-attacks and incidents, to provide effective response and recovery, and to invest efforts in preventing future cyber incidents. To achieve this objective, cyber threat intelligence (CTI) is widely applied, as it is considered a crucial mechanism to proactively defend against modern and dynamically evolving cyber threats and attacks. However, there are multiple challenges in the field of CTI, as there is an enormous amount of unstructured threats data in cyberspace that needs to be collected, classified, analyzed, and shared between states, organizations, or companies. Facing this challenge, data mining techniques and machine learning algorithms are essential for providing meaningful CTI information due to their ability to extract indistinct and hidden patterns in the data. Based on data mining techniques and machine learning algorithms' potential for successfully implementing cyber threat intelligence services, this paper develops an efficient predictive alerting model in a threat intelligence engine using the Deep Residual Network (DRN) model. Further, the main goal is to compare the performance of the DRN model with other machine learning models such as Sequential Rule Mining, IntruDTree, ScaleNet, etc. According to our experimental results, the DRN outperformed other tested machine learning models by achieving better results on parameters such as precision, recall, and F-measure. 

Název v anglickém jazyce

Deep learning for predictive alerting and cyber-attack mitigation

Popis výsledku anglicky

The successful security management of ICT systems and services is essential for an effective cyber security posture. The main objective is to minimize and control the damage caused by cyber-attacks and incidents, to provide effective response and recovery, and to invest efforts in preventing future cyber incidents. To achieve this objective, cyber threat intelligence (CTI) is widely applied, as it is considered a crucial mechanism to proactively defend against modern and dynamically evolving cyber threats and attacks. However, there are multiple challenges in the field of CTI, as there is an enormous amount of unstructured threats data in cyberspace that needs to be collected, classified, analyzed, and shared between states, organizations, or companies. Facing this challenge, data mining techniques and machine learning algorithms are essential for providing meaningful CTI information due to their ability to extract indistinct and hidden patterns in the data. Based on data mining techniques and machine learning algorithms' potential for successfully implementing cyber threat intelligence services, this paper develops an efficient predictive alerting model in a threat intelligence engine using the Deep Residual Network (DRN) model. Further, the main goal is to compare the performance of the DRN model with other machine learning models such as Sequential Rule Mining, IntruDTree, ScaleNet, etc. According to our experimental results, the DRN outperformed other tested machine learning models by achieving better results on parameters such as precision, recall, and F-measure. 

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2023

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

IEEE 13th Annual Computing and Communication Workshop and Conference, CCWC 2023

ISBN

978-3-319-93490-7

ISSN

—

e-ISSN

—

Počet stran výsledku

6

Strana od-do

476-481

Název nakladatele

IEEE Computer Society

Místo vydání

Las Vegas

Místo konání akce

Virtual

Datum konání akce

8. 3. 2023

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000995182600074