Analytics for Network Security: A Survey and Taxonomy

Grahn, Kaj J.; Westerlund, Magnus; Pulkkis, Göran

doi:10.1007/978-3-319-44257-0_8

Cited by 15 publications

(8 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, we have only mentioned those classifiers that were selected as best classifiers for a study because most of the studies initially tried out multiple classifiers. Considering the reflections from learning type, we classified the classifier structure into four types: base, Amnesia testbed dataset [125] , SQLMAP [126] [S59, S62, S70] Malware/RAT ESET NOD32 [127], Kingsoft [128], Anubis [129], VirusTotal [130], [S1, S41] APT Sysmon Tool [131], Winlogbeat [132] [S79] Overt Channels ZeuS Tracker [133], Waledac [134], Storm [135] [S22, S39] Side Channel PAPI [136] [S8, S63] Steganography F5 [137], Model Based Steganography [138], Outguess [139], YASS [140] [S3, S9, S20] Data dns2tcp [141],BRO [142],Iodine [143], dnscat [144] and Ozymandns [145], [S4, S14, S15, S21, Tunnelling CobaltStrike [146], ReverseDNShell [147] S29, S32, S67, S68,S80] Fig. 10: Analysis of ML Modelling Phase (The number shows the total studies in each category, while the bold number shows total studies in terms of y-axis) that can handle linear, non-linear, high dimensional data [154].…”

Section: Sql Injectionmentioning

confidence: 99%

Machine Learning for Detecting Data Exfiltration: A Review

Sabir,

Ullah,

Babar

et al. 2020

Preprint

View full text Add to dashboard Cite

Research at the intersection of cybersecurity, Machine Learning (ML), and Software Engineering (SE) has recently taken significant steps in proposing countermeasures for detecting sophisticated data exfiltration attacks. It is important to systematically review and synthesize the ML-based data exfiltration countermeasures for building a body of knowledge on this important topic. Objective: This paper aims at systematically reviewing ML-based data exfiltration countermeasures to identify and classify ML approaches, feature engineering techniques, evaluation datasets, and performance metrics used for these countermeasures. This review also aims at identifying gaps in research on ML-based data exfiltration countermeasures. Method: We used Systematic Literature Review (SLR) method to select and review 92 papers. Results: The review has enabled us to (a) classify the ML approaches used in the countermeasures into data-driven, and behaviour-driven approaches, (b) categorize features into six types: behavioral, content-based, statistical, syntactical, spatial and temporal, (c) classify the evaluation datasets into simulated, synthesized, and real datasets and (d) identify 11 performance measures used by these studies. Conclusion: We conclude that: (i) the integration of data-driven and behaviour-driven approaches should be explored; (ii) There is a need of developing high quality and large size evaluation datasets; (iii) Incremental ML model training should be incorporated in countermeasures; (iv) resilience to adversarial learning should be considered and explored during the development of countermeasures to avoid poisoning attacks; and (v) the use of automated feature engineering should be encouraged for efficiently detecting data exfiltration attacks.

show abstract

Section: Sql Injectionmentioning

confidence: 99%

Machine Learning for Detecting Data Exfiltration: A Review

Sabir,

Ullah,

Babar

et al. 2020

Preprint

View full text Add to dashboard Cite

show abstract

“…With the evolution of open source Hadoop infrastructure, big data analysis has become easier, faster and near-real-time, thus, making possible the mining of large amount of data using machine learning to find correlation among various components of the network data including but not limited to network packet captures, firewall log and operating system logs. [267].…”

Section: Cognitive Cyber Kill Chainmentioning

confidence: 99%

A Cognitive and Concurrent Cyber Kill Chain Model

Khan

Siddiqui

Ferens

2017

Computer and Network Security Essentials

View full text Add to dashboard Cite

The challenges of cyber security have outpaced the advantages of cyber tools and technologies. In 2018, World Economic Forum has already placed cyber security in the top five risks faced by the world. Cyber threats are evolving and can cripple economies and nations. The major tools of cyber threats are anonymity, deception and uncertainty. Current state of the art research is also evolving into addressing these challenges by applying new and proactive threat hunting approaches instead of doing reactive cyber defense, which is proving futile. Malware is an indispensable tool of cyber threat actors to accomplish malicious activities i.e. exfiltration, espionage and disruption. Using advanced obfuscation and mutation methods, malware adversaries are able to remain ahead of cyber defenders. Most malware detection technologies are based on finding a-priori known signatures of malware payload or known patterns of malware behavior. This dissertation addresses the challenge of hunting unknown behaviorally mutated malware inside a host computer by proposing a proof of concept framework named Malvidence for characterizing malware behavior within a host operating system process tree using cognitive machine intelligence. Using Malvidence framework, tools and techniques can be derived for variety of cyber security methods for threat detection. Cognitive Computing is a promising domain of machine intelligence which explores and develops new tools to incorporate human cognitive characteristics so that the performance of existing domain of artificial intelligence and machine learning can be improved. Therefore, cognitive complexity based fractal analysis is demonstrated and a methodology of extracting inherent but hidden patterns of malware dynamics using a temporal graph theoretical approach is proposed. Further, a set of graph theoretical features is analyzed and proposed for an effective characterization of malware behavior which can be subsequently used for malware hunting and detection. In addition, the proposed features are tested for their mathematical validity. Finally, using proposed cognitive complexity analysis, characterization performance of an unsupervised clustering algorithm is provided to demonstrate the validity of Malvidence framework.

show abstract

“…These approaches are often highly interactive, and applications may range from simple data exploration and visualization to pattern recognition and model development. They have been used to study a variety of problems from land use change and text mining to intelligent transportation and network security (e.g., [6][7][8]). Szewrański et al [9] demonstrate the utility of combining GIS and business intelligence (BI) to enhance visual data discovery by linking ArcGIS and Tableau.…”

Section: Introductionmentioning

confidence: 99%

An Information Theory-Based Approach to Assessing Spatial Patterns in Complex Systems

Eason

Chuang

Sundstrom

et al. 2019

Entropy

View full text Add to dashboard Cite

Given the intensity and frequency of environmental change, the linked and cross-scale nature of social-ecological systems, and the proliferation of big data, methods that can help synthesize complex system behavior over a geographical area are of great value. Fisher information evaluates order in data and has been established as a robust and effective tool for capturing changes in system dynamics, including the detection of regimes and regime shifts. The methods developed to compute Fisher information can accommodate multivariate data of various types and requires no a priori decisions about system drivers, making it a unique and powerful tool. However, the approach has primarily been used to evaluate temporal patterns. In its sole application to spatial data, Fisher information successfully detected regimes in terrestrial and aquatic systems over transects. Although the selection of adjacently positioned sampling stations provided a natural means of ordering the data, such an approach limits the types of questions that can be answered in a spatial context. Here, we expand the approach to develop a method for more fully capturing spatial dynamics. The results reflect changes in the index that correspond with geographical patterns and demonstrate the utility of the method in uncovering hidden spatial trends in complex systems.

show abstract

Analytics for Network Security: A Survey and Taxonomy

Cited by 15 publications

References 30 publications

Machine Learning for Detecting Data Exfiltration: A Review

Machine Learning for Detecting Data Exfiltration: A Review

A Cognitive and Concurrent Cyber Kill Chain Model

An Information Theory-Based Approach to Assessing Spatial Patterns in Complex Systems

Contact Info

Product

Resources

About