Foundations and applications of artificial Intelligence for zero-day and multi-step attack detection

Parrend, Pierre; Navarro, Julio; Guigou, Fabio; Deruyver, Aline; Collet, Pierre

doi:10.1186/s13635-018-0074-y

Cited by 36 publications

(17 citation statements)

References 68 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many security challenges have been addressed by means of adaptive techniques, involving both supervised learning and clustering. These include one step and especially continuous authentication, network intrusion detection, spam filtering, defacement response and malware analysis (see, e.g., [29,30]). In such applications examples are often continuously generated, and online learning methods are needed.…”

Section: Keyed Learning Of a Defacement Detectormentioning

confidence: 99%

Defacement Detection with Passive Adversaries

Bergadano

Carretto²,

Cogno³

et al. 2019

Algorithms

View full text Add to dashboard Cite

A novel approach to defacement detection is proposed in this paper, addressing explicitly the possible presence of a passive adversary. Defacement detection is an important security measure for Web Sites and Applications, aimed at avoiding unwanted modifications that would result in significant reputational damage. As in many other anomaly detection contexts, the algorithm used to identify possible defacements is obtained via an Adversarial Machine Learning process. We consider an exploratory setting, where the adversary can observe the detector's alarm-generating behaviour, with the purpose of devising and injecting defacements that will pass undetected. It is then necessary to make to learning process unpredictable, so that the adversary will be unable to replicate it and predict the classifier's behaviour. We achieve this goal by introducing a secret key-a key that our adversary does not know. The key will influence the learning process in a number of different ways, that are precisely defined in this paper. This includes the subset of examples and features that are actually used, the time of learning and testing, as well as the learning algorithm's hyper-parameters. This learning methodology is successfully applied in this context, by using the system with both real and artificially modified Web sites. A year-long experimentation is also described, referred to the monitoring of the new Web Site of a major manufacturing company.

show abstract

Section: Keyed Learning Of a Defacement Detectormentioning

confidence: 99%

Defacement Detection with Passive Adversaries

Bergadano

Carretto²,

Cogno³

et al. 2019

Algorithms

View full text Add to dashboard Cite

show abstract

“…This may allow for some useful counteraction, such as raising an alarm, blocking malicious content, or simply switching to higher protection thresholds and more verbose logs. For examples and surveys of applications, see [11][12][13][14][15][16][17][18].…”

Section: Definition and Frameworkmentioning

confidence: 99%

“…Applications of keyed learning fall within the scope of exploratory adversarial learning [2]. This context is generally appropriate for anomaly detection, which comprises several application domains, including intrusion detection [3,5,6,14,25,33,34], attack and malware analysis [7,16,[35][36][37], defacement response [8,17,38,39], Web promotional infection detection [40], and biometric and continuous user authentication [11,18].…”

Section: Applicationsmentioning

confidence: 99%

Keyed learning: An adversarial learning framework—formalization, challenges, and anomaly detection applications

Bergadano

2019

ETRI Journal

View full text Add to dashboard Cite

We propose a general framework for keyed learning, where a secret key is used as an additional input of an adversarial learning system. We also define models and formal challenges for an adversary who knows the learning algorithm and its input data but has no access to the key value. This adversarial learning framework is subsequently applied to a more specific context of anomaly detection, where the secret key finds additional practical uses and guides the entire learning and alarm‐generating procedure.

show abstract

“…Covered Attacks in Discussed IDS(85 IDSs Manuscripts listed inTable A.1)could be used to train machine learning models used for anomaly detection. By employing extendable datasets and a standardized method for dataset generation, alongside the advancement in ML[72],[73], zero-day detection could be integrated into anomaly-based IDSs. Later in Section IV, our presented threat taxonomy highlights the percentage of attack coverage achieved by current IDSs.To further analyze the last decade research on IDSs, it is important to consider the algorithms used.…”

mentioning

confidence: 99%

A Taxonomy of Network Threats and the Effect of Current Datasets on Intrusion Detection Systems

et al. 2020

View full text Add to dashboard Cite

As the world moves towards being increasingly dependent on computers and automation, building secure applications, systems and networks are some of the main challenges faced in the current decade. The number of threats that individuals and businesses face is rising exponentially due to the increasing complexity of networks and services of modern networks. To alleviate the impact of these threats, researchers have proposed numerous solutions for anomaly detection; however, current tools often fail to adapt to ever-changing architectures, associated threats and zero-day attacks. This manuscript aims to pinpoint research gaps and shortcomings of current datasets, their impact on building Network Intrusion Detection Systems (NIDS) and the growing number of sophisticated threats. To this end, this manuscript provides researchers with two key pieces of information; a survey of prominent datasets, analyzing their use and impact on the development of the past decade's Intrusion Detection Systems (IDS) and a taxonomy of network threats and associated tools to carry out these attacks. The manuscript highlights that current IDS research covers only 33.3% of our threat taxonomy. Current datasets demonstrate a clear lack of realnetwork threats, attack representation and include a large number of deprecated threats, which together limit the detection accuracy of current machine learning IDS approaches. The unique combination of the taxonomy and the analysis of the datasets provided in this manuscript aims to improve the creation of datasets and the collection of real-world data. As a result, this will improve the efficiency of the next generation IDS and reflect network threats more accurately within new datasets.

show abstract

Foundations and applications of artificial Intelligence for zero-day and multi-step attack detection

Cited by 36 publications

References 68 publications

Defacement Detection with Passive Adversaries

Defacement Detection with Passive Adversaries

Keyed learning: An adversarial learning framework—formalization, challenges, and anomaly detection applications

A Taxonomy of Network Threats and the Effect of Current Datasets on Intrusion Detection Systems

Contact Info

Product

Resources

About