AI/ML in Security Orchestration, Automation and Response: Future Research Directions

Kinyua, Johnson; Awuah, Lawrence

doi:10.32604/iasc.2021.016240

Cited by 36 publications

(28 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The dataset is made by collecting datasets from repositories along with the own result obtained from the hybrid analysis. In the first part, logistic regression is supervised classification where our target variable is a discrete value stating whether the application is malicious or not called binary classification [27]. This model uses the sigmoid function given below in the equation.…”

Section: Existing Classifiers 41 Logistic Regressionmentioning

confidence: 99%

Investigation of Android Malware Using Deep Learning Approach

Raymond¹,

Raj²

2023

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

In recent days the usage of android smartphones has increased extensively by end-users. There are several applications in different categories banking/finance, social engineering, education, sports and fitness, and many more applications. The android stack is more vulnerable compared to other mobile platforms like IOS, Windows, or Blackberry because of the open-source platform. In the Existing system, malware is written using vulnerable system calls to bypass signature detection important drawback is might not work with zero-day exploits and stealth malware. The attackers target the victim with various attacks like adware, backdoor, spyware, ransomware, and zero-day exploits and create threat hunts on the day-to-day basics. In the existing approach, there are various traditional machine learning classifiers for building a decision support system with limitations such as low detection rate and less feature selection. The important contents taken for building model from android applications like Intent Filter, Permission Signature, API Calls, and System commands are taken from the manifest file. The function parameters of various machine and deep learning classifiers like Nave Bayes, k-Nearest Neighbors (k-NN), Support Vector Machine (SVM), Ada Boost, and Multi-Layer Perceptron (MLP) are done for effective results. In our proposed work, we have used an unsupervised learning multilayer perceptron with multiple target labels and built a model with a better accuracy rate compared to logistic regression, and rank the best features for detection of applications and classify as malicious or benign can be used as threat model by online antivirus scanners.

show abstract

Section: Existing Classifiers 41 Logistic Regressionmentioning

confidence: 99%

Investigation of Android Malware Using Deep Learning Approach

Raymond¹,

Raj²

2023

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

show abstract

“…Next-gen firewalls, include traditional firewalls, combine them with filtering capabilities, network-and port-address translation (NAT), VPN support, and other features. According to [2], the threat detection technology tools mentioned above are unaware of an organization's entire IT ecosystem. Vulnerability detection tools is a software tool that according to the bibliography, there are three major types of analysis tools and techniques for detecting software vulnerabilities: a) static analysis, which examines the system/software without executing it, including examining source code, bytecode, and/or binaries, b) dynamic analysis, which examines the system/software by executing it, giving it specific inputs, and examining results and/or outputs, c) hybrid analysis, combining a, b.…”

Section: State Of the Art Of Tools Used Into Soarmentioning

confidence: 99%

“…DFLabs IncMac SOAR [4], [2] enable the planning and recovery phases through features such as knowledge bases, key performance indicators, and advanced reporting.…”

Section: Soar Solutionsmentioning

confidence: 99%

IRIS Advanced Threat Intelligence Orchestrator- A Way to Manage Cybersecurity Challenges of IoT Ecosystems in Smart Cities

Bilali

Kosyvas²,

Theodoropoulos³

et al. 2022

Internet of Things

View full text Add to dashboard Cite

This paper provides an overview of the Advanced Threat Intelligence Orchestrator in assisting organizations and society's first responders in managing, prioritizing, and sharing information related to cyber security incidents. In order to accomplish this, the capabilities and benefits of security, orchestration, automation, and response (SOAR) systems, on which Orchestrator is based, were promoted. The results of this survey conducted as part of the IRIS EU-funded project to protect Internet of Things (IoT) and Artificial Intelligence (AI)-driven ICT-enabled systems from cyber threats and attacks on their privacy facilitating SOC/CSIRTs/CERTs. In this context, the tool is explored in methods of orchestrating and automating cyber security processes and routines. The open-source tool that was chosen for the creation of Advanced Threat Intelligence Orchestrator was SHUFFLE. SHUFFLE gives a wide variety of functionalities as it can be integrated with numerous tools and APIS. Furthermore, the provision of schematic workflows with action steps makes the stakeholders' interface more intuitive.

show abstract

“…AI/ML-powered defense systems are able to analyze large amount of data and identify suspicious patterns in real-time (or near real-time). The main targets for AI/ML applications include intrusion detection (network-based attacks), phishing and spam (emails), threat detection and characterization, and user behavioral analytics [ 132 ].…”

Section: Potential Enhancements Of Future Siemsmentioning

confidence: 99%

Security Information and Event Management (SIEM): Analysis, Trends, and Usage in Critical Infrastructures

González-Granadillo

González-Zarzosa

Díaz

2021

Sensors

119

View full text Add to dashboard Cite

Security Information and Event Management (SIEM) systems have been widely deployed as a powerful tool to prevent, detect, and react against cyber-attacks. SIEM solutions have evolved to become comprehensive systems that provide a wide visibility to identify areas of high risks and proactively focus on mitigation strategies aiming at reducing costs and time for incident response. Currently, SIEM systems and related solutions are slowly converging with big data analytics tools. We survey the most widely used SIEMs regarding their critical functionality and provide an analysis of external factors affecting the SIEM landscape in mid and long-term. A list of potential enhancements for the next generation of SIEMs is provided as part of the review of existing solutions as well as an analysis on their benefits and usage in critical infrastructures.

show abstract

AI/ML in Security Orchestration, Automation and Response: Future Research Directions

Cited by 36 publications

References 9 publications

Investigation of Android Malware Using Deep Learning Approach

Investigation of Android Malware Using Deep Learning Approach

IRIS Advanced Threat Intelligence Orchestrator- A Way to Manage Cybersecurity Challenges of IoT Ecosystems in Smart Cities

Security Information and Event Management (SIEM): Analysis, Trends, and Usage in Critical Infrastructures

Contact Info

Product

Resources

About