Model-Guided Infection Prediction and Active Defense Using Context-Specific Cybersecurity Observations

Author: H. Çam. Published in MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM), November 2019. DOI: 10.1109/MILCOM47813.2019.9020980 (https://doi.org/10.1109/MILCOM47813.2019.9020980). Record source: Semantic Scholar.
Cybersecurity tools such as intrusion detection and prevention systems usually generate far too many alerts, indicators or log data, many of which do not have obvious security implications unless their correlations and temporal causality relationships are determined. In order to infer cybersecurity observations and take defensive actions for a given set of assets, this paper proposes methods to first estimate the infected and exploited assets and then take recovery and preventive actions, with the help of graphs, deep learning, and autonomous agents. The proposed motif and graph thinking analysis of cyber infection and exploitation predicts the infection states of some assets. This prediction data of infections is taken as input data by deep learning networks to enable the agents to determine effective actions for inferring adversary activities and protecting assets. The results of the infection prediction and the games of these agents show the effectiveness of actions.
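The abstract's starting point is that raw IDS alerts only become meaningful once their correlations and temporal causality are established, and that the first defensive step is estimating which assets are infected. The following is an added illustration of that idea, not code from the paper or the author: it correlates constructed sample alerts into a directed asset graph, lets infection belief flow along an edge only when the source was already believed infected before the alert fired (temporal causality), and ranks assets by the resulting estimate. The alert format, the indicator/propagation alert types, their weights and the one-hour window are all assumptions chosen for the example; the paper's own motif and graph analysis is not reproduced here.

```python
"""Added example (not the paper's method): temporal-causality correlation of
IDS alerts into an asset graph and a simple infection-state estimate."""
from datetime import datetime

# Constructed sample alerts (not real data): timestamp, src asset, dst asset, type.
# Deliberately out of order, and including an alert that precedes any infection.
SAMPLE_ALERTS = """\
2019-11-01T10:00:05 host-a host-b port_scan
2019-11-01T10:01:10 host-a host-a malware_detected
2019-11-01T10:03:40 host-a host-b smb_exploit_attempt
2019-11-01T10:04:02 host-b host-c lateral_movement
2019-11-01T09:50:00 host-d host-b port_scan
2019-11-01T09:55:00 host-b host-f lateral_movement
2019-11-01T10:30:00 host-c host-e dns_tunnel
"""

# Assumed alert taxonomy for the example. A direct indicator marks the destination
# asset as infected; a propagating alert carries belief from src to dst with a weight.
DIRECT_INDICATORS = {"malware_detected"}
PROPAGATING = {"smb_exploit_attempt": 0.7, "lateral_movement": 0.8, "dns_tunnel": 0.3}


def parse_alerts(text):
    """Parse the constructed alert lines and return them sorted by time."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, kind = line.split()
        alerts.append((datetime.fromisoformat(ts), src, dst, kind))
    alerts.sort(key=lambda a: a[0])
    return alerts


def estimate_infections(alerts, window_s=3600):
    """Return {asset: (belief, time_first_believed_infected)}.

    Belief flows across an edge src->dst only if src was believed infected at
    or before the alert time and within window_s seconds of it. Without that
    ordering check a pre-infection alert (host-b -> host-f) would wrongly
    implicate host-f. Multiple incoming edges combine as noisy-OR.
    """
    state = {}
    for t, src, dst, kind in alerts:
        if kind in DIRECT_INDICATORS:
            if dst not in state:
                state[dst] = (1.0, t)
            else:
                state[dst] = (1.0, min(state[dst][1], t))
            continue
        weight = PROPAGATING.get(kind)
        if weight is None or src not in state:
            continue
        src_belief, src_time = state[src]
        if src_time > t or (t - src_time).total_seconds() > window_s:
            continue  # temporal causality violated: ignore this edge
        incoming = src_belief * weight
        if dst in state:
            old_belief, old_time = state[dst]
            state[dst] = (1 - (1 - old_belief) * (1 - incoming), min(old_time, t))
        else:
            state[dst] = (incoming, t)
    return state


def rank_assets(state):
    """Assets ordered by decreasing infection belief, for triage."""
    return [a for a, _ in sorted(state.items(), key=lambda kv: -kv[1][0])]


if __name__ == "__main__":
    beliefs = estimate_infections(parse_alerts(SAMPLE_ALERTS))
    for asset in rank_assets(beliefs):
        belief, first = beliefs[asset]
        print(f"{asset}: belief={belief:.3f} first_seen={first.isoformat()}")
```

On the constructed input host-a is seeded by the direct indicator, host-b inherits 0.7 through the exploit attempt, host-c 0.56 through lateral movement and host-e 0.168 through the tunnel alert, while host-d (only a port scan) and host-f (lateral movement alert logged before host-b was believed infected) receive no belief at all; that last case is the temporal-causality check the abstract motivates.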