{"title":"Cyber Intelligence Assessment- an approach through Entropy","authors":"Prasenjit Sen","doi":"10.1109/PUNECON.2018.8745379","DOIUrl":null,"url":null,"abstract":"The conventional methods of defence against cyber attacks are classified principally under signature verification and pattern recognition. The weaknesses inherent in them enables the hackers to penetrate the cyber security. Hence Cyber threat intelligence has become a fundamental component of any advanced cyber security program. Other than the advance warning of incidences received from shared sources, the cyber intelligence is basically derived from the vast information generated from the in house systems, like SIEM data for anomaly and deviation. Assuming a probability distribution of the anomalies arriving in the SIEM system attempt in this paper is taking Shanon’s Entropy as a measure for the uncertainty for a typical data set. As in machine learning a model probability distribution of the alerts in the SIEM may be taken as ‘training data’ and the corresponding Entropy value as reference. Now for any sample of an actual Alerts is likely to have a different probability distribution. A Cross Entropy of this new distribution against the reference model will give the divergence value. This paper proposes to take this divergence as an index for assessment of the cyber intelligence.","PeriodicalId":166677,"journal":{"name":"2018 IEEE Punecon","volume":"47 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE Punecon","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PUNECON.2018.8745379","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0
Abstract
The conventional methods of defence against cyber attacks are classified principally under signature verification and pattern recognition. The weaknesses inherent in them enable hackers to penetrate cyber security. Hence cyber threat intelligence has become a fundamental component of any advanced cyber security program. Other than the advance warning of incidents received from shared sources, cyber intelligence is basically derived from the vast information generated by in-house systems, such as SIEM data on anomalies and deviations. Assuming a probability distribution of the anomalies arriving in the SIEM system, this paper attempts to take Shannon's entropy as a measure of the uncertainty of a typical data set. As in machine learning, a model probability distribution of the alerts in the SIEM may be taken as 'training data' and the corresponding entropy value as a reference. Any sample of actual alerts is likely to have a different probability distribution. The cross entropy of this new distribution against the reference model gives the divergence value. This paper proposes to take this divergence as an index for the assessment of cyber intelligence.
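The measure the abstract describes, worked through on constructed SIEM alert data as an added example (not code from the paper): Shannon entropy of a reference alert-category distribution, cross entropy of an observed sample against that reference, and the resulting divergence (cross entropy minus the sample's own entropy, i.e. the KL divergence). The alert categories, counts and additive smoothing are assumptions; smoothing is there so a category that never appeared in the reference model does not make the cross entropy infinite.

```python
"""Entropy-based divergence index for SIEM alert distributions (illustrative)."""
import math
from collections import Counter

# Constructed sample data: alert categories as a SIEM might emit them.
REFERENCE_ALERTS = (["auth_failure"] * 50 + ["port_scan"] * 30
                    + ["malware"] * 15 + ["policy_violation"] * 5)
OBSERVED_ALERTS = (["auth_failure"] * 20 + ["port_scan"] * 10
                   + ["malware"] * 60 + ["policy_violation"] * 5
                   + ["data_exfil"] * 5)   # category absent from the reference

def distribution(alerts, categories, smoothing=0.5):
    """Relative frequency per category with additive smoothing (assumption, not
    from the paper): a category missing from a sample gets a small non-zero
    probability instead of a zero that would make the cross entropy infinite."""
    counts = Counter(alerts)
    total = len(alerts) + smoothing * len(categories)
    return {c: (counts.get(c, 0) + smoothing) / total for c in categories}

def shannon_entropy(p):
    """H(p) = -sum_x p(x) log2 p(x), in bits."""
    return -sum(px * math.log2(px) for px in p.values() if px > 0)

def cross_entropy(p, q):
    """H(p, q) = -sum_x p(x) log2 q(x): cost of coding sample p with model q."""
    return -sum(p[c] * math.log2(q[c]) for c in p if p[c] > 0)

def divergence_index(reference, observed):
    """Return (H(ref), H(obs, ref), KL(obs || ref)).

    KL = H(obs, ref) - H(obs) is non-negative and zero only when the observed
    distribution matches the reference model; larger values mean more drift."""
    categories = sorted(set(reference) | set(observed))
    q = distribution(reference, categories)   # reference ("training") model
    p = distribution(observed, categories)    # distribution of the new sample
    h_ref = shannon_entropy(q)
    h_cross = cross_entropy(p, q)
    kl = h_cross - shannon_entropy(p)
    return h_ref, h_cross, kl

if __name__ == "__main__":
    h_ref, h_cross, kl = divergence_index(REFERENCE_ALERTS, OBSERVED_ALERTS)
    print(f"reference entropy H(ref)      = {h_ref:.3f} bits")
    print(f"cross entropy H(obs, ref)     = {h_cross:.3f} bits")
    print(f"divergence index KL(obs||ref) = {kl:.3f} bits")
```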