Cyber threat intelligence is one of the emerging areas of focus in information security. Much of the recent work has concentrated on rule-based methods and on the detection of network attacks using intrusion detection algorithms. In this paper we propose a framework for inspecting and modelling the behavioural aspect of an attacker, in order to gain better insight into, and predictive power over, his future actions. For modelling we propose a novel semi-supervised algorithm called Fusion Hidden Markov Model (FHMM), which is more robust to noise, requires comparatively less training time, and uses the benefits of ensemble learning to better model temporal relationships in data. This paper evaluates the performance of FHMM and compares it with both traditional algorithms, such as the Markov Chain and the Hidden Markov Model (HMM), and recently developed Deep Recurrent Neural Network (Deep RNN) architectures. We conduct the experiments on a dataset consisting of real attacks recorded by a Cowrie honeypot system. FHMM provides accuracy comparable to Deep RNN architectures at significantly lower training time. Given these experimental results, we recommend using FHMM for modelling discrete temporal data, as it trains significantly faster and performs better than existing methods.
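To make the modelling task concrete, the block below is an added example written for this page; it is not the paper's FHMM and not code from the Cowrie project. It implements the simplest of the baselines the abstract names, a first-order Markov chain over the discrete sequence of commands an attacker types in a honeypot session, and uses it for the two things a defender wants from such a model: predicting the next action and scoring how typical a session is. The session logs are constructed samples in the style of Cowrie shell sessions, not data from the paper, and the smoothing parameter `alpha` and the `<unk>` token are assumptions of this example.

```python
"""First-order Markov chain baseline for attacker command sequences (added example).

Not the paper's FHMM and not Cowrie code: a minimal reference point that an HMM,
an FHMM or a Deep RNN would be compared against on the same sequences.
"""
import math
from collections import Counter, defaultdict

# Constructed sample sessions: each list is one attacker's command sequence as a
# honeypot such as Cowrie would record it. Not real data from the paper.
SESSIONS = [
    ["uname -a", "cat /proc/cpuinfo", "wget", "chmod", "./run"],
    ["uname -a", "cat /proc/cpuinfo", "wget", "chmod", "./run"],
    ["uname -a", "wget", "chmod", "./run"],
    ["cat /proc/cpuinfo", "wget", "chmod", "./run"],
    ["uname -a", "cat /proc/cpuinfo", "ls", "exit"],
]

START, END, UNK = "<s>", "</s>", "<unk>"   # sentinel states assumed by this example
ALPHA = 0.1                                 # add-alpha smoothing, an assumption here


def train_markov_chain(sessions, alpha=ALPHA):
    """Estimate P(next command | current command) from sessions.

    Returns (model, targets): model maps each observed current state to a smoothed
    distribution over `targets`, the sorted list of every possible successor state.
    """
    counts = defaultdict(Counter)
    successors = {END, UNK}
    for seq in sessions:
        states = [START] + list(seq) + [END]
        successors.update(states[1:])
        for cur, nxt in zip(states, states[1:]):
            counts[cur][nxt] += 1
    targets = sorted(successors)
    model = {}
    for cur, ctr in counts.items():
        denom = sum(ctr.values()) + alpha * len(targets)
        model[cur] = {t: (ctr[t] + alpha) / denom for t in targets}
    return model, targets


def _distribution(model, targets, current):
    """Successor distribution for `current`; unseen states fall back to uniform."""
    dist = model.get(current)
    if dist is None:
        dist = {t: 1.0 / len(targets) for t in targets}
    return dist


def predict_next(model, targets, current):
    """Most likely next command after `current`, returned as (command, probability)."""
    dist = _distribution(model, targets, current)
    return max(dist.items(), key=lambda kv: kv[1])


def session_score(model, targets, seq):
    """Average per-transition log-likelihood of a session under the model.

    Low scores mark sessions whose command order the model has rarely seen, which
    is the signal a defender would review; commands never seen in training map to UNK.
    """
    states = [START] + list(seq) + [END]
    total = 0.0
    for cur, nxt in zip(states, states[1:]):
        dist = _distribution(model, targets, cur)
        total += math.log(dist[nxt if nxt in dist else UNK])
    return total / (len(states) - 1)


def next_command_accuracy(model, targets, sessions):
    """Fraction of transitions in held-out sessions whose next command is predicted."""
    hits = total = 0
    for seq in sessions:
        states = [START] + list(seq)
        for cur, nxt in zip(states, states[1:]):
            total += 1
            hits += predict_next(model, targets, cur)[0] == nxt
    return hits / total


if __name__ == "__main__":
    model, targets = train_markov_chain(SESSIONS)
    print("after 'wget' expect:", predict_next(model, targets, "wget"))
    typical = ["uname -a", "cat /proc/cpuinfo", "wget", "chmod", "./run"]
    unusual = ["rm -rf /", "exit"]
    print("typical session score:", session_score(model, targets, typical))
    print("unusual session score:", session_score(model, targets, unusual))
```

The Markov chain only conditions on the immediately preceding command, which is exactly the limitation that motivates the HMM, FHMM and Deep RNN models the abstract compares: those can carry state across several steps of a session. The per-transition score is a convenient way to compare sessions of different lengths, and the same held-out accuracy function can be reused to benchmark any replacement model.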