Machine learning enabled system for intelligent classification of host-based intrusion severity

Anthony Effiong Edet, Godwin Okon Ansa

Global Journal of Engineering and Technology Advances. Published 2023-09-30. DOI: 10.30574/gjeta.2023.16.3.0171 (https://doi.org/10.30574/gjeta.2023.16.3.0171)

Abstract

Intrusion severity classification, or the analysis of the impact of an intrusion, is a much-needed solution for effectively managing intrusion events in an organization. Over the years, many intrusions in different organizations have been carried out by systems administrators or other internal workers, while external hackers are blamed for them. Many deliberate intrusions have come from internal actors, with top management board members only swinging into action to manage the effects, without digging into the intrusion to apprehend the actors or identify its source. This work is therefore designed to help IT firms effectively analyze the impact of intrusions, especially those from internal workers. In this work, we propose a Machine Learning Enabled System for Intelligent Classification of Host-based Intrusion Severity. The proposed model aims to detect the severity of intrusion problems, carry out source analysis, and give security recommendations for effective management of intrusion problems. The model is divided into three phases: detection of intrusion severity, source analysis, and security recommendation using counterfactual reasoning. We built a system to gather user interactions over time, captured these interactions in an activity log, and extracted our dataset from the activity log data. We used a Bayesian Network to design the intrusion severity classification system; source analysis is carried out immediately, and a counterfactual model is then employed to give security recommendations. The accuracy of the Bayesian Network in the intrusion severity classification model is 82%. An API was generated and deployed to allow scalability.