Proactive defense for evolving cyber threats

Proceedings of 2011 IEEE International Conference on Intelligence and Security Informatics Pub Date : 2011-07-10 DOI:10.1109/ISI.2011.5984062

R. Colbaugh, K. Glass

{"title":"Proactive defense for evolving cyber threats","authors":"R. Colbaugh, K. Glass","doi":"10.1109/ISI.2011.5984062","DOIUrl":null,"url":null,"abstract":"There is significant interest to develop proactive approaches to cyber defense, in which future attack strategies are anticipated and these insights are incorporated into defense designs. This paper considers the problem of protecting computer networks against intrusions and other attacks, and leverages the coevolutionary relationship between attackers and defenders to derive two new methods for proactive network defense. The first method is a bipartite graph-based machine learning algorithm which enables information concerning previous attacks to be “transferred” for application against novel attacks, thereby substantially increasing the rate with which defense systems can successfully respond to new attacks. The second approach involves exploiting basic threat information (e.g., from cyber security analysts) to generate “synthetic” attack data for use in training defense systems, resulting in networks defenses that are effective against both current and (near) future attacks. The utility of the proposed methods is demonstrated by showing that they outperform standard techniques for the task of detecting malicious network activity in two publicly-available cyber datasets.","PeriodicalId":220165,"journal":{"name":"Proceedings of 2011 IEEE International Conference on Intelligence and Security Informatics","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"50","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of 2011 IEEE International Conference on Intelligence and Security Informatics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISI.2011.5984062","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 50

Abstract

There is significant interest to develop proactive approaches to cyber defense, in which future attack strategies are anticipated and these insights are incorporated into defense designs. This paper considers the problem of protecting computer networks against intrusions and other attacks, and leverages the coevolutionary relationship between attackers and defenders to derive two new methods for proactive network defense. The first method is a bipartite graph-based machine learning algorithm which enables information concerning previous attacks to be “transferred” for application against novel attacks, thereby substantially increasing the rate with which defense systems can successfully respond to new attacks. The second approach involves exploiting basic threat information (e.g., from cyber security analysts) to generate “synthetic” attack data for use in training defense systems, resulting in networks defenses that are effective against both current and (near) future attacks. The utility of the proposed methods is demonstrated by showing that they outperform standard techniques for the task of detecting malicious network activity in two publicly-available cyber datasets.

查看原文本刊更多论文

主动防御不断演变的网络威胁

人们对开发主动的网络防御方法非常感兴趣，在这种方法中，可以预测未来的攻击策略，并将这些见解纳入防御设计中。本文考虑了计算机网络防御入侵和其他攻击的问题，利用攻击者和防御者之间的协同进化关系，提出了两种新的网络主动防御方法。第一种方法是基于二部图的机器学习算法，该算法使有关先前攻击的信息能够被“转移”用于针对新攻击的应用，从而大大提高防御系统成功响应新攻击的速率。第二种方法涉及利用基本威胁信息(例如，来自网络安全分析师)来生成“综合”攻击数据，用于训练防御系统，从而形成有效抵御当前和(近期)未来攻击的网络防御。通过显示它们优于标准技术来检测两个公开可用的网络数据集中的恶意网络活动，证明了所提出方法的实用性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of 2011 IEEE International Conference on Intelligence and Security Informatics

自引率

0.00%

发文量