Process Monitoring on Sequences of System Call Count Vectors
We introduce a methodology for efficient monitoring of processes running on
hosts in a corporate network. The methodology is based on collecting streams of
system calls produced by all or selected processes on the hosts, and sending
them over the network to a monitoring server, where machine learning algorithms
are used to identify changes in process behavior due to malicious activity,
hardware failures, or software errors. The methodology uses a sequence of
system call count vectors as the data format which can handle large and varying
volumes of data.
Unlike previous approaches, the methodology introduced in this paper is
suitable for distributed collection and processing of data in large corporate
networks. We evaluate the methodology both in a laboratory setting and on a
real-life setup, and provide statistics characterizing performance and accuracy
of the methodology.
Comment: 5 pages, 4 figures, ICCST 201
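The abstract above names its data format, a sequence of system call count vectors, without spelling out how a raw syscall stream becomes one or how a change in process behaviour shows up in it. The following is an added illustration, not code from the paper or its authors: it assumes a hypothetical agent line format `pid=<n> syscall=<name>`, a fixed vocabulary of eight monitored calls, fixed-size windows of eight calls, and a deliberately simple detector (L1 distance of each window's relative-frequency vector from the mean of a training prefix) standing in for the machine learning the paper leaves unspecified. The trace is constructed: five benign windows, one window with a burst of `socket`/`connect`/`execve`, then one more benign window.

```python
"""System call count vectors as a monitoring data format (added example)."""
from collections import Counter
from typing import List

# Fixed vocabulary of monitored calls; a call's vector index is its position
# here. The choice of calls is an assumption made for this example.
SYSCALLS = ["read", "write", "openat", "close", "mmap", "execve", "connect", "socket"]

BENIGN = ["openat", "read", "read", "write", "close", "mmap", "read", "write"]
SUSPICIOUS = ["socket", "connect", "execve", "execve", "read", "write", "socket", "connect"]

# Constructed trace in a hypothetical "pid=<n> syscall=<name>" agent format.
TRACE = "\n".join(
    f"pid=4242 syscall={name}" for name in BENIGN * 5 + SUSPICIOUS + BENIGN
)


def parse_trace(text: str) -> List[str]:
    """Extract syscall names from trace lines; lines without a syscall field are skipped."""
    names = []
    for line in text.splitlines():
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        if "syscall" in fields:
            names.append(fields["syscall"])
    return names


def count_vectors(names: List[str], window: int) -> List[List[int]]:
    """Turn a syscall stream into one count vector per window of `window` calls.

    Calls outside SYSCALLS are not counted, and a trailing partial window is
    dropped so every vector covers the same number of calls.
    """
    vectors = []
    for start in range(0, len(names) - window + 1, window):
        counts = Counter(names[start:start + window])
        vectors.append([counts.get(name, 0) for name in SYSCALLS])
    return vectors


def normalize(vec: List[int]) -> List[float]:
    """Relative frequencies, so windows with different call volumes stay comparable."""
    total = sum(vec)
    return [c / total for c in vec] if total else [0.0] * len(vec)


def baseline(vectors: List[List[int]]) -> List[float]:
    """Component-wise mean of the normalized training vectors."""
    norm = [normalize(v) for v in vectors]
    return [sum(v[i] for v in norm) / len(norm) for i in range(len(SYSCALLS))]


def l1_distance(a: List[float], b: List[float]) -> float:
    return sum(abs(x - y) for x, y in zip(a, b))


def detect(vectors: List[List[int]], train_windows: int, threshold: float) -> List[int]:
    """Indices of windows whose frequency vector is farther than `threshold`
    (L1) from the baseline learned on the first `train_windows` windows."""
    base = baseline(vectors[:train_windows])
    return [
        i for i in range(train_windows, len(vectors))
        if l1_distance(normalize(vectors[i]), base) > threshold
    ]


if __name__ == "__main__":
    vecs = count_vectors(parse_trace(TRACE), window=8)
    print(vecs[0])                                        # [3, 2, 1, 1, 1, 0, 0, 0]
    print(detect(vecs, train_windows=5, threshold=0.5))   # [5]
```

Each window collapses to a vector of eight small integers regardless of how many calls it covers, which is the property that lets the format absorb bursts in volume; the benign windows all map to `[3, 2, 1, 1, 1, 0, 0, 0]`, and only window 5, the `socket`/`connect`/`execve` burst, is flagged. In practice the window boundary would be time-based rather than a fixed call count, and the detector would be replaced by the learned model the paper evaluates.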
HYPA: Efficient Detection of Path Anomalies in Time Series Data on Networks
The unsupervised detection of anomalies in time series data has important
applications in user behavioral modeling, fraud detection, and cybersecurity.
Anomaly detection has, in fact, been extensively studied in categorical
sequences. However, we often have access to time series data that represent
paths through networks. Examples include transaction sequences in financial
networks, click streams of users in networks of cross-referenced documents, or
travel itineraries in transportation networks. To reliably detect anomalies, we
must account for the fact that such data contain a large number of independent
observations of paths constrained by a graph topology. Moreover, the
heterogeneity of real systems rules out frequency-based anomaly detection
techniques, which do not account for highly skewed edge and degree statistics.
To address this problem, we introduce HYPA, a novel framework for the
unsupervised detection of anomalies in large corpora of variable-length
temporal paths in a graph. HYPA provides an efficient analytical method to
detect paths with anomalous frequencies that result from nodes being traversed
in unexpected chronological order.
Comment: 11 pages with 8 figures and supplementary material. To appear at SIAM
Data Mining (SDM 2020)
Artificial intelligence in the cyber domain: Offense and defense
Artificial intelligence techniques have grown rapidly in recent years, and their
applications in practice can be seen in many fields, ranging from facial
recognition to image analysis. In the cybersecurity domain, AI-based techniques
can provide better cyber defense tools and help adversaries improve methods of
attack. However, malicious actors are aware of the new prospects too and will
probably attempt to use them for nefarious purposes. This survey paper aims at
providing an overview of how artificial intelligence can be used in the context
of cybersecurity in both offense and defense.
Web of Science 123 art. no. 41