167,930 research outputs found
MACHINE LEARNING ALGORITHMS FOR DETECTION OF CYBER THREATS USING LOGISTIC REGRESSION
The threat of cyberattacks is expanding globally; thus, businesses are developing intelligent artificial intelligence systems that can analyze security and other infrastructure logs from their systems department and quickly and automatically identify cyberattacks. Security analytics based on machine learning the next big thing in cybersecurity is machine data, which aims to mine security data to show the high maintenance costs of static relationship rules and methods. But, choosing the appropriate machine learning technique for log analytics using ML continues to be a significant barrier to AI success in cyber security due to the possibility of a substantial number of false-positive detections in large-scale or global Security Operations Centre (SOC) settings, selecting the proper machine learning technique for security log analytics remains a substantial obstacle to AI success in cyber security. A machine learning technique for a cyber threat exposure system that can minimize false positives is required. Today's machine learning methods for identifying threats frequently use logistic regression. Logistic regression is the first of three machine learning subcategories—supervised, unsupervised, and reinforcement learning. Any machine learning enthusiast will encounter this supervised machine learning algorithm at the beginning of their machine learning career. It's an essential and often applied classification algorithm
Explanation by automated reasoning using the Isabelle Infrastructure framework
In this paper, we propose the use of interactive theorem proving for explainable machine learning. After presenting our proposition, we illustrate it on the dedicated application of explaining security attacks using the Isabelle Infrastructure framework and its process of dependability engineering. This formal framework and process provides the logics for specification and modeling. Attacks on security of the system are explained by specification and proofs in the Isabelle Infrastructure framework. Existing case studies of dependability engineering in Isabelle are used as feasibility studies to illustrate how different aspects of explanations are covered by the Isabelle Infrastructure framework
Machine Learning DDoS Detection for Consumer Internet of Things Devices
An increasing number of Internet of Things (IoT) devices are connecting to
the Internet, yet many of these devices are fundamentally insecure, exposing
the Internet to a variety of attacks. Botnets such as Mirai have used insecure
consumer IoT devices to conduct distributed denial of service (DDoS) attacks on
critical Internet infrastructure. This motivates the development of new
techniques to automatically detect consumer IoT attack traffic. In this paper,
we demonstrate that using IoT-specific network behaviors (e.g. limited number
of endpoints and regular time intervals between packets) to inform feature
selection can result in high accuracy DDoS detection in IoT network traffic
with a variety of machine learning algorithms, including neural networks. These
results indicate that home gateway routers or other network middleboxes could
automatically detect local IoT device sources of DDoS attacks using low-cost
machine learning algorithms and traffic data that is flow-based and
protocol-agnostic.
Comment: 7 pages, 3 figures, 3 tables, appears in the 2018 Workshop on Deep
Learning and Security (DLS '18
BSCSML: Design of an Efficient Bioinspired Security & Privacy Model for Cyber Physical System using Machine Learning
With the increasing prevalence of Smart Grid Cyber Physical Systems with Advanced Metering Infrastructure (SG CPS AMI), securing their internal components has become one of the paramount concerns. Traditional security mechanisms have proven to be insufficient in defending against sophisticated attacks. Bioinspired security and privacy models have emerged as promising solutions due to their stochastic solutions. This paper proposes a novel bio-inspired security and privacy model for SG CPS AMI that utilizes machine learning to strengthen their security levels. The proposed model is inspired by the hybrid Grey Wolf Teacher Learner based Optimizer (GWTLbO) Method’s ability to detect and respond to threats in real-time deployments. The GWTLbO Model also ensures higher privacy by selecting optimal methods between k-privacy, t-closeness & l-diversity depending upon contextual requirements. This study improves system accuracy and efficiency under diverse attacks using machine learning techniques. The method uses supervised learning to teach the model to recognize known attack trends and uncontrolled learning to spot unknown attacks. Our model was tested using real-time IoT device data samples. The model identified Zero-Day Attacks, Meter Bypass, Flash Image Manipulation, and Buffer-level attacks. The proposed model detects and responds to attacks with high accuracy and low false-positive rates. In real-time operations, the proposed model can handle huge volumes of data efficiently. The bioinspired security and privacy model secures CPS efficiently and is scalable for various cases. Machine learning techniques can improve the security and secrecy of these systems and revolutionize defense against different attacks
1st International Workshop on Search and Mining Terrorist Online Content and Advances in Data Science for Cyber Security and Risk on the Web
The deliberate misuse of technical infrastructure (including the Web and social media) for cyber deviant and cybercriminal behaviour, ranging from the spreading of extremist and terrorism-related material to online fraud and cyber security attacks, is on the rise. This workshop aims to better understand such phenomena and develop methods for tackling them in an effective and efficient manner. The workshop brings together interdisciplinary researchers and experts in Web search, security informatics, social media analysis, machine learning, and digital forensics, with particular interests in cyber security. The workshop programme includes refereed papers, invited talks and a panel discussion for better understanding the current landscape, as well as the future of data mining for detecting cyber deviance
Optical Network Security Management: Requirements, Architecture and Efficient Machine Learning Models for Detection of Evolving Threats [Invited]
As the communication infrastructure that sustains critical societal services, optical networks need to function in a secure and agile way. Thus, cognitive and automated security management functionalities are needed, fueled by the proliferating machine learning (ML) techniques and compatible with common network control entities and procedures. Automated management of optical network security requires advancements both in terms of performance and efficiency of ML approaches for security diagnostics, as well as novel management architectures and functionalities. This paper tackles these challenges by proposing a novel functional block called Security Operation Center (SOC), describing its architecture, specifying key requirements on the supported functionalities and providing guidelines on its integration with optical layer controller. Moreover, to boost efficiency of ML-based security diagnostic techniques when processing high-dimensional optical performance monitoring data in the presence of previously unseen physical-layer attacks, we combine unsupervised and semi-supervised learning techniques with three different dimensionality reduction methods and analyze the resulting performance and trade-offs between ML accuracy and run time complexity
Adversarial Attacks on Machine Learning Cybersecurity Defences in Industrial Control Systems
The proliferation and application of machine learning based Intrusion
Detection Systems (IDS) have allowed for more flexibility and efficiency in the
automated detection of cyber attacks in Industrial Control Systems (ICS).
However, the introduction of such IDSs has also created an additional attack
vector; the learning models may also be subject to cyber attacks, otherwise
referred to as Adversarial Machine Learning (AML). Such attacks may have severe
consequences in ICS systems, as adversaries could potentially bypass the IDS.
This could lead to delayed attack detection which may result in infrastructure
damages, financial loss, and even loss of life. This paper explores how
adversarial learning can be used to target supervised models by generating
adversarial samples using the Jacobian-based Saliency Map attack and exploring
classification behaviours. The analysis also includes the exploration of how
such samples can support the robustness of supervised models using adversarial
training. An authentic power system dataset was used to support the experiments
presented herein. Overall, the classification performance of two widely used
classifiers, Random Forest and J48, decreased by 16 and 20 percentage points
when adversarial samples were present. Their performances improved following
adversarial training, demonstrating their robustness towards such attacks.
Comment: 9 pages. 7 figures. 7 tables. 46 references. Submitted to a special
issue Journal of Information Security and Applications, Machine Learning
Techniques for Cyber Security: Challenges and Future Trends, Elsevie