Predicting Cyber Events by Leveraging Hacker Sentiment
Recent high-profile cyber attacks exemplify why organizations need better cyber defenses. Cyber threats are hard to predict accurately because attackers usually try to mask their traces. However, they often discuss exploits and techniques on hacking forums, and the community behavior of these hackers may provide insights into groups' collective malicious activity. We propose a novel approach to predicting cyber events using sentiment analysis. We test our approach using cyber attack data from 2 major business organizations. We consider 3 types of events: malicious software installation, malicious destination visits, and malicious emails that surpassed the target organizations' defenses. We construct predictive signals by applying sentiment analysis to hacker forum posts to better understand hacker behavior. We analyze over 400K posts generated between January 2016 and January 2018 on over 100 hacking forums on both the surface web and the Dark Web. We find that some forums have significantly more predictive power than others. Sentiment-based models that leverage specific forums can outperform state-of-the-art deep learning and time-series models in forecasting cyber attacks weeks ahead of the events.
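The abstract's two mechanics, a sentiment signal per forum and a lead time of weeks, can be illustrated with a lagged-correlation check: for each forum, correlate its weekly negative-sentiment score at week t with the organization's attack count at week t+k and keep the lag that fits best. The following is an added example, not code or data from the paper; the forum names, the sentiment scores (which a real pipeline would get from a sentiment classifier over forum posts) and the weekly attack counts are all constructed here for illustration.

```python
"""Rank hacker forums by how well their weekly negative-sentiment series
predicts attack counts k weeks later (added example; all data constructed)."""
import math
from typing import Dict, List, Tuple

# Constructed weekly attack counts at a target organization (12 weeks).
# Real inputs: weekly counts of malicious-software installs, malicious
# destination visits or malicious emails that got past the defenses.
ATTACKS: List[float] = [3, 4, 9, 5, 4, 10, 6, 3, 8, 4, 5, 11]

# Constructed weekly mean negative-sentiment score per forum (0..1, higher =
# more hostile chatter). "forum_a" spikes two weeks before each attack spike;
# "forum_b" is unstructured background noise. Both names are hypothetical.
FORUM_SENTIMENT: Dict[str, List[float]] = {
    "forum_a": [0.9, 0.2, 0.3, 0.8, 0.3, 0.2, 0.9, 0.3, 0.2, 0.9, 0.3, 0.2],
    "forum_b": [0.5, 0.4, 0.6, 0.5, 0.4, 0.4, 0.6, 0.5, 0.5, 0.4, 0.5, 0.6],
}


def pearson(x: List[float], y: List[float]) -> float:
    """Pearson correlation of two equal-length series (0.0 if one is flat)."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / math.sqrt(vx * vy)


def lagged_correlation(sentiment: List[float], attacks: List[float], lag: int) -> float:
    """Correlate sentiment in week t with attacks in week t+lag (lag >= 1)."""
    if lag < 1 or lag >= len(attacks):
        raise ValueError("lag must be between 1 and len(attacks)-1")
    return pearson(sentiment[:-lag], attacks[lag:])


def rank_forums(forums: Dict[str, List[float]], attacks: List[float],
                max_lag: int = 4) -> List[Tuple[str, int, float]]:
    """Return (forum, best_lag_weeks, correlation) sorted by descending correlation.

    The best lag is the lead time at which the forum's sentiment is most
    predictive; a forum whose best correlation is near zero carries no signal.
    """
    ranked = []
    for name, series in forums.items():
        lag, corr = max(((k, lagged_correlation(series, attacks, k))
                         for k in range(1, max_lag + 1)), key=lambda p: p[1])
        ranked.append((name, lag, round(corr, 3)))
    ranked.sort(key=lambda t: t[2], reverse=True)
    return ranked


if __name__ == "__main__":
    for forum, lag, corr in rank_forums(FORUM_SENTIMENT, ATTACKS):
        print(f"{forum}: best lead time {lag} week(s), r={corr}")
```

With twelve constructed weeks the correlations are illustrative only; on real data the series is long enough (the paper uses two years of posts) that per-forum lead times can be estimated with some confidence, and the chosen forums and lags then become features for the forecasting model.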
Enhanced Prediction of Network Attacks Using Incomplete Data
For years, intrusion detection has been considered a key component of many organizations' network defense capabilities. Although a number of approaches to intrusion detection have been tried, few have been capable of providing the security personnel responsible for protecting a network with sufficient information to make adjustments and respond to attacks in real time. Because intrusion detection systems rarely have complete information, false negatives and false positives are extremely common, and valuable resources are therefore wasted responding to irrelevant events. In order to provide better actionable information for security personnel, a mechanism for quantifying the confidence level in predictions is needed. This work presents an approach that combines a primary prediction model with a novel secondary confidence-level model, which provides a measurement of the confidence in a given attack prediction. The ability to accurately identify an attack and quantify the confidence level in the prediction could serve as the basis for a new generation of intrusion detection devices: devices that provide earlier and better alerts for administrators and allow a more proactive response to events as they are occurring.
An Introduction to the Theory and Applications of Bayesian Networks
Bayesian networks are a means of studying data. A Bayesian network gives structure to data by representing its variables as nodes in a graphical model and then developing probability distributions over those variables. It explores the variables in the problem space, examines the probability distributions related to them, and conducts statistical inference over those distributions to draw meaning from the data. Bayesian networks are a good means of exploring a large data set efficiently in order to make inferences. A number of real-world applications already exist and are being actively researched. This paper discusses the theory and applications of Bayesian networks.
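The inference step the abstract describes is, for a small discrete network, exact: the joint factorizes along the graph as a product of conditional probability tables, and a posterior is obtained by summing the joint over the unobserved variables. Below is an added example, not from the paper, that does this by enumeration over a three-node network with constructed probabilities: a hypothetical "compromise" node and two observable children, "alert" and "anomalous_traffic", so that the query is the probability a host is compromised given what the sensors show.

```python
"""Exact inference in a small boolean Bayesian network by enumeration
(added example; network structure and probabilities are constructed)."""
from itertools import product
from typing import Dict, Tuple

# Each node maps to (parents, cpt); cpt maps a tuple of parent values to
# P(node = True | parents). Nodes are listed parents-before-children.
Network = Dict[str, Tuple[Tuple[str, ...], Dict[Tuple[bool, ...], float]]]

NETWORK: Network = {
    "compromise": ((), {(): 0.02}),                               # prior
    "alert": (("compromise",), {(True,): 0.90, (False,): 0.05}),  # IDS alert
    "anomalous_traffic": (("compromise",), {(True,): 0.70, (False,): 0.10}),
}


def node_prob(net: Network, node: str, value: bool, assignment: Dict[str, bool]) -> float:
    """P(node = value | its parents' values in `assignment`)."""
    parents, cpt = net[node]
    p_true = cpt[tuple(assignment[p] for p in parents)]
    return p_true if value else 1.0 - p_true


def joint(net: Network, assignment: Dict[str, bool]) -> float:
    """Full joint probability via the chain-rule factorization over the graph."""
    p = 1.0
    for node in net:
        p *= node_prob(net, node, assignment[node], assignment)
    return p


def query(net: Network, target: str, evidence: Dict[str, bool]) -> Dict[bool, float]:
    """P(target | evidence): enumerate every assignment of the hidden
    variables, sum the joint for each target value, then normalize."""
    hidden = [v for v in net if v != target and v not in evidence]
    unnormalized = {}
    for target_value in (True, False):
        total = 0.0
        for values in product((True, False), repeat=len(hidden)):
            assignment = dict(evidence)
            assignment[target] = target_value
            assignment.update(zip(hidden, values))
            total += joint(net, assignment)
        unnormalized[target_value] = total
    z = unnormalized[True] + unnormalized[False]
    return {value: p / z for value, p in unnormalized.items()}


if __name__ == "__main__":
    both = query(NETWORK, "compromise", {"alert": True, "anomalous_traffic": True})
    alert_only = query(NETWORK, "compromise", {"alert": True})
    print(f"P(compromise | alert, anomalous traffic) = {both[True]:.3f}")
    print(f"P(compromise | alert)                    = {alert_only[True]:.3f}")
```

The two queries show why the graph matters for triage: with a 2% base rate, a single alert with a 5% false-positive rate raises the posterior only to about 27%, while a second independent observation lifts it to 72%. Enumeration is exponential in the number of hidden variables, so real networks use variable elimination or sampling, but the factorization being exploited is the same.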
Unsolved Problems in ML Safety
Machine learning (ML) systems are rapidly increasing in size, are acquiring new capabilities, and are increasingly deployed in high-stakes settings. As with other powerful technologies, safety for ML should be a leading research priority. In response to emerging safety challenges in ML, such as those introduced by recent large-scale models, we provide a new roadmap for ML Safety and refine the technical problems that the field needs to address. We present four problems ready for research, namely withstanding hazards ("Robustness"), identifying hazards ("Monitoring"), reducing inherent model hazards ("Alignment"), and reducing systemic hazards ("Systemic Safety"). Throughout, we clarify each problem's motivation and provide concrete research directions.
Comment: Position Paper
R-CAD: Rare Cyber Alert Signature Relationship Extraction Through Temporal Based Learning
The large number of streaming intrusion alerts makes it challenging for security analysts to quickly identify attack patterns. This is especially difficult since critical alerts often occur too rarely for traditional pattern mining algorithms to be effective. Recognizing attack speed as an inherent indicator of differing cyber attacks, this work aggregates alerts into attack episodes that have distinct attack speeds, and finds attack actions that regularly co-occur within the same episode. This enables a novel use of the constrained SPADE temporal pattern mining algorithm to extract consistent co-occurrences of alert signatures that are indicative of attack actions that follow each other. The proposed Rare yet Co-occurring Attack action Discovery (R-CAD) system extracts not only the co-occurring patterns but also the temporal characteristics of the co-occurrences, giving the 'strong rules' indicative of critical and repeated attack behaviors. Through the use of a real-world dataset, we demonstrate that R-CAD helps reduce the overwhelming volume and variety of intrusion alerts to a manageable set of co-occurring strong rules. We show specific rules that reveal how critical attack actions follow one another and at what attack speed.
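The two preprocessing ideas in the abstract, cutting the alert stream into episodes and mining ordered signature co-occurrences with their time deltas inside each episode, are shown below in an added example that is not R-CAD's code and does not implement SPADE: it uses a simpler gap-based episode split and pairwise ordered co-occurrence counting with episode-level support, which is enough to see how a "strong rule" such as "signature A is followed by signature B about N seconds later in M episodes" is produced. The alert stream and the signature names are constructed for illustration.

```python
"""Split an alert stream into episodes by inter-arrival gap, estimate each
episode's attack speed, and mine ordered signature co-occurrence rules
(added example; alerts and signature names are constructed)."""
from collections import defaultdict
from statistics import median
from typing import Dict, List, Optional, Tuple

Alert = Tuple[int, str]  # (epoch seconds, alert signature name)

# Constructed stream: three bursts of scan -> injection -> callback with
# different pacing, some unrelated alerts, and long idle gaps between bursts.
ALERTS: List[Alert] = [
    (1000, "SCAN_NMAP_SCRIPT"),
    (1003, "WEB_PHP_INJECTION"),
    (1009, "MALWARE_REVERSE_SHELL"),
    (1020, "POLICY_DYNDNS_QUERY"),
    (5000, "SCAN_NMAP_SCRIPT"),
    (5004, "WEB_PHP_INJECTION"),
    (5011, "MALWARE_REVERSE_SHELL"),
    (9000, "INFO_CURL_USER_AGENT"),
    (9002, "SCAN_NMAP_SCRIPT"),
    (9006, "WEB_PHP_INJECTION"),
    (9014, "MALWARE_REVERSE_SHELL"),
    (20000, "INFO_CURL_USER_AGENT"),
]


def split_episodes(alerts: List[Alert], max_gap: int) -> List[List[Alert]]:
    """A new episode starts whenever the gap to the previous alert exceeds
    max_gap seconds. Input is sorted by time first."""
    episodes: List[List[Alert]] = []
    current: List[Alert] = []
    for ts, sig in sorted(alerts):
        if current and ts - current[-1][0] > max_gap:
            episodes.append(current)
            current = []
        current.append((ts, sig))
    if current:
        episodes.append(current)
    return episodes


def attack_speed(episode: List[Alert]) -> Optional[float]:
    """Median inter-arrival time in seconds, used as the episode's attack-speed
    measure; None for a single-alert episode."""
    if len(episode) < 2:
        return None
    return median(b[0] - a[0] for a, b in zip(episode, episode[1:]))


def mine_rules(episodes: List[List[Alert]], min_support: int
               ) -> Dict[Tuple[str, str], Tuple[int, float]]:
    """Return {(sig_a, sig_b): (support, median_delta_seconds)} for ordered
    pairs where sig_a precedes sig_b inside an episode. Support counts
    episodes, not alert pairs, so a pair repeated within one episode counts
    once; only its first occurrence contributes a time delta."""
    support: Dict[Tuple[str, str], int] = defaultdict(int)
    deltas: Dict[Tuple[str, str], List[int]] = defaultdict(list)
    for episode in episodes:
        seen = set()
        for i, (t_a, sig_a) in enumerate(episode):
            for t_b, sig_b in episode[i + 1:]:
                pair = (sig_a, sig_b)
                if sig_a == sig_b or pair in seen:
                    continue
                seen.add(pair)
                support[pair] += 1
                deltas[pair].append(t_b - t_a)
    return {pair: (n, median(deltas[pair]))
            for pair, n in support.items() if n >= min_support}


if __name__ == "__main__":
    episodes = split_episodes(ALERTS, max_gap=60)
    for ep in episodes:
        print(f"episode of {len(ep)} alerts, attack speed {attack_speed(ep)}s")
    for (a, b), (n, delta) in sorted(mine_rules(episodes, min_support=3).items()):
        print(f"{a} -> {b}: {n} episodes, median delta {delta}s")
```

On the constructed stream the three-step chain survives as three rules with support 3 and increasing median deltas, while the one-off alerts fall below the support floor; that is the reduction from alert volume to a handful of strong rules the abstract describes. Real deployments would also bucket episodes by attack speed before mining, so that a slow, low-and-slow intrusion and a fast automated one yield separate rule sets rather than one blurred average.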