System Misuse Detection Via Informed Behavior Clustering and Modeling

2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W) Pub Date : 2019-06-01 DOI:10.1109/DSN-W.2019.00011

Linara Adilova, Livin Natious, Siming Chen, Olivier Thonnard, Michael Kamp

{"title":"System Misuse Detection Via Informed Behavior Clustering and Modeling","authors":"Linara Adilova, Livin Natious, Siming Chen, Olivier Thonnard, Michael Kamp","doi":"10.1109/DSN-W.2019.00011","DOIUrl":null,"url":null,"abstract":"One of the main tasks of cybersecurity is recognizing malicious interactions with an arbitrary system. Currently, the logging information from each interaction can be collected in almost unrestricted amounts, but identification of attacks requires a lot of effort and time of security experts.We propose an approach for identifying fraud activity through modeling normal behavior in interactions with a system via machine learning methods, in particular LSTM neural networks. In order to enrich the modeling with system specific knowledge, we propose to use an interactive visual interface that allows security experts to identify semantically meaningful clusters of interactions. These clusters incorporate domain knowledge and lead to more precise behavior modeling via informed machine learning. We evaluate the proposed approach on a dataset containing logs of interactions with an administrative interface of login and security server. Our empirical results indicate that the informed modeling is capable of capturing normal behavior, which can then be used to detect abnormal behavior.","PeriodicalId":285649,"journal":{"name":"2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSN-W.2019.00011","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

One of the main tasks of cybersecurity is recognizing malicious interactions with an arbitrary system. Currently, the logging information from each interaction can be collected in almost unrestricted amounts, but identification of attacks requires a lot of effort and time of security experts.We propose an approach for identifying fraud activity through modeling normal behavior in interactions with a system via machine learning methods, in particular LSTM neural networks. In order to enrich the modeling with system specific knowledge, we propose to use an interactive visual interface that allows security experts to identify semantically meaningful clusters of interactions. These clusters incorporate domain knowledge and lead to more precise behavior modeling via informed machine learning. We evaluate the proposed approach on a dataset containing logs of interactions with an administrative interface of login and security server. Our empirical results indicate that the informed modeling is capable of capturing normal behavior, which can then be used to detect abnormal behavior.

查看原文本刊更多论文

基于知情行为聚类和建模的系统误用检测

网络安全的主要任务之一是识别与任意系统的恶意交互。目前，从每次交互中收集的日志信息几乎可以不受限制地收集，但是识别攻击需要安全专家花费大量的精力和时间。我们提出了一种识别欺诈活动的方法，通过机器学习方法，特别是LSTM神经网络，对与系统交互中的正常行为进行建模。为了用系统特定的知识丰富建模，我们建议使用交互式可视化界面，允许安全专家识别语义上有意义的交互集群。这些集群结合了领域知识，并通过知情的机器学习导致更精确的行为建模。我们在包含与登录管理界面和安全服务器交互日志的数据集上评估了所提出的方法。我们的实证结果表明，知情建模能够捕获正常行为，然后可以用来检测异常行为。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W)

自引率

0.00%

发文量