A Better Infected Hosts Detection Combining Ensemble Learning and Threat Intelligence

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F19%3A00348181" target="_blank" >RIV/68407700:21230/19:00348181 - isvavai.cz</a>

Výsledek na webu

<a href="https://doi.org/10.1007/978-3-030-48325-8_23" target="_blank" >https://doi.org/10.1007/978-3-030-48325-8_23</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-030-48325-8_23" target="_blank" >10.1007/978-3-030-48325-8_23</a>

Jazyk výsledku

angličtina

Název v původním jazyce

A Better Infected Hosts Detection Combining Ensemble Learning and Threat Intelligence

Popis výsledku v původním jazyce

Ensemble learning techniques have been successfully proposed and used to improve threats detection in cybersecurity. These techniques usually improve the detection results by combining algorithms that together have less errors. However there has not been any ensemble learning algorithm used to classify network flows when several methods are used to give individual detections for each of the flows. The state of the art in the use of ensemble learning techniques was analyzed to find an alternative for the current intrusion detection mechanisms. This research proposes to incorporate ensemble learning to the Stratosphere Linux IPS (SLIPS), a behavioral-based intrusion detection and prevention system that uses machine learning algorithms to detect malicious behaviors. Our ensembling method is used to obtain better results, taking advantage of the benefits of SLIPS' classifiers and modules. A contribution of our method is to extend the ensembling techniques by considering Threat Intelligence blacklists feeds as part of the detections. We present the results of the first stage of this project, i.e. ensemble learning algorithms to classify individual flows when they have multiple labels. on the other hand we also present the results corresponding to the second stage of our project, i.e. the detection of groups of flows going to the same destination IP.

Název v anglickém jazyce

A Better Infected Hosts Detection Combining Ensemble Learning and Threat Intelligence

Popis výsledku anglicky

Ensemble learning techniques have been successfully proposed and used to improve threats detection in cybersecurity. These techniques usually improve the detection results by combining algorithms that together have less errors. However there has not been any ensemble learning algorithm used to classify network flows when several methods are used to give individual detections for each of the flows. The state of the art in the use of ensemble learning techniques was analyzed to find an alternative for the current intrusion detection mechanisms. This research proposes to incorporate ensemble learning to the Stratosphere Linux IPS (SLIPS), a behavioral-based intrusion detection and prevention system that uses machine learning algorithms to detect malicious behaviors. Our ensembling method is used to obtain better results, taking advantage of the benefits of SLIPS' classifiers and modules. A contribution of our method is to extend the ensembling techniques by considering Threat Intelligence blacklists feeds as part of the detections. We present the results of the first stage of this project, i.e. ensemble learning algorithms to classify individual flows when they have multiple labels. on the other hand we also present the results corresponding to the second stage of our project, i.e. the detection of groups of flows going to the same destination IP.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2019

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

CACIC 2019: 25th Argentine Congress of Computer Science

ISBN

978-3-030-48324-1

ISSN

1865-0929

e-ISSN

—

Počet stran výsledku

12

Strana od-do

354-365

Název nakladatele

Springer

Místo vydání

Cham

Místo konání akce

Rio Cuarto

Datum konání akce

14. 10. 2019

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—