3 research outputs found
Intelligence graphs for threat intelligence and security policy validation of cyber systems
While recent advances in Data Science and Machine Learning attract a lot of attention in Cyber Security because of their promise for effective security analytics, Vulnerability Analysis, Risk Assessment and Security Policy Validation remain somewhat neglected. This is mainly due to the relatively slow progress in the theoretical formulation and the technological foundation of cyber security concepts such as logical vulnerability, threats and risks. In this article we propose a framework for logical analysis, threat intelligence and validation of security policies in cyber systems. It is based on a multi-level model consisting of an ontology of situations and actions under security threats, security policies governing the security-related activities, and a graph of the transactions. The framework is validated using a set of scenarios describing the most common security threats in digital banking, and a prototype of an event-driven engine for navigation through the intelligence graphs has been implemented. Although the framework was developed specifically for application in digital banking, the authors believe that it has much wider applicability to security policy analysis, threat intelligence and security by design of cyber systems for financial, commercial and business operations.
Threat intelligence using machine learning packet dissection
In this research we compare different methods of examining network packets with supervised learning to predict possible intrusions. Although there have been many attempts to use Machine Learning for automated packet analysis, our application simplifies the process by taking any packet data source for analysis in a container ready for deployment on a private or public cloud, without the need to pre-process the packet data. Each packet is dissected to extract numerical data describing the packet number and the time and length of the packet. The categorical variables are the source and destination IP addresses, the protocol used and the packet info/flags. Filters allow any type of packet (e.g., SYN, ACK, FIN, RST) to be recognized. Four machine learning models, i.e., Neural Networks, Support Vector Machines, Logistic Regression and Linear Regression, are applied in turn to calculate the probability that a packet is suspicious, and the outcomes are compared. During testing against trojan malware, the models can detect the suspicious packets sent to a bogus website and attempts at downloading malware by means of packet payload analysis.
Threat intelligence using machine learning packet dissection
In this research we compare different methods of examining network packets with supervised learning to predict possible intrusions. Although there have been many attempts to use Machine Learning for automated packet analysis, our application simplifies the process by taking any packet data source for analysis in a container ready for deployment on a private or public cloud, without the need to pre-process the packet data. Each packet is dissected to extract numerical data describing the packet number and the time and length of the packet. The categorical variables are the source and destination IP addresses, the protocol used and the packet info/flags. Filters allow any type of packet to be recognized.
Four machine learning models, i.e., Neural Networks, Support Vector Machines, Logistic Regression and Linear Regression, are applied in turn to calculate the probability that a packet is suspicious, and the outcomes are compared. In default mode, the suspicious packets and their context of source, destination, length and protocol are reported. During testing against trojan malware, the models can detect the suspicious packets sent to a bogus website and attempts at downloading malware by means of packet payload analysis. The initial Neural Network model shows an accuracy of 85% on testing data, which is further improved by incremental learning cycles to 88% after 20 updates with class weighting. The Support Vector Machine model performs better than the initial Neural Network, with an accuracy of 92%, while the Logistic Regression and Linear Regression models run faster but with a lower accuracy of 70%.
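The pipeline both abstracts above describe (dissect raw packets into numeric and categorical fields, apply flag filters, inspect the payload for a download attempt, then score packets with a class-weighted model trained in incremental cycles), as an added example written for this page and not the authors' code. It assumes IPv4/TCP packets with no link-layer header, an RFC 1918 test for "internal" addresses, an executable-suffix heuristic for the payload check, and a ten-packet capture constructed inline with hand-assigned labels; it trains only a logistic regression (one of the four models compared in the paper) and simulates the incremental cycles by re-feeding the same batch.

```python
"""Packet dissection + class-weighted logistic regression scorer (added example)."""
import math
import socket
import struct

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10}
EXECUTABLE_SUFFIXES = (b".exe", b".dll", b".scr", b".msi")  # heuristic, an assumption


def build_tcp_packet(src, dst, sport, dport, flags, payload=b""):
    """Constructed IPv4/TCP bytes for the demo (checksums zero, no link layer)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 65535, 0, 0)
    return ip + tcp + payload


def dissect(number, ts, raw):
    """Extract the fields the abstract lists: number, time, length, addresses,
    protocol, ports, TCP flags and payload. Non-TCP packets keep ports/flags at 0."""
    ihl = (raw[0] & 0x0F) * 4
    total_len = struct.unpack("!H", raw[2:4])[0]
    pkt = {"number": number, "time": ts, "length": total_len, "proto": raw[9],
           "src": socket.inet_ntoa(raw[12:16]), "dst": socket.inet_ntoa(raw[16:20]),
           "sport": 0, "dport": 0, "flags": 0, "payload": b""}
    if pkt["proto"] == 6:
        tcp = raw[ihl:total_len]
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", tcp[:4])
        pkt["flags"] = tcp[13]
        pkt["payload"] = tcp[(tcp[12] >> 4) * 4:]
    return pkt


def has_flags(pkt, *names):
    """Filter: True when every named flag is set (SYN, or PSH+ACK, ...)."""
    return all(pkt["flags"] & TCP_FLAGS[n] for n in names)


def requests_executable(payload):
    """Payload analysis: HTTP request line whose path ends in an executable suffix."""
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    return len(parts) == 3 and parts[1].lower().endswith(EXECUTABLE_SUFFIXES)


def is_rfc1918(ip):
    a, b = (int(x) for x in ip.split(".")[:2])
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


def features(pkt, prev_time):
    """Numeric vector; categorical fields (flags, port class, address class) as 0/1."""
    f = pkt["flags"]
    return [pkt["length"] / 1500.0, min(pkt["time"] - prev_time, 1.0)] + \
        [float(bool(f & TCP_FLAGS[n])) for n in ("SYN", "ACK", "FIN", "RST", "PSH")] + \
        [float(pkt["dport"] in (80, 443)), float(not is_rfc1918(pkt["dst"])),
         float(len(pkt["payload"]) > 0), float(requests_executable(pkt["payload"]))]


class WeightedLogisticRegression:
    """Gradient-descent logistic regression with inverse-frequency class weights;
    update() is one incremental learning cycle on a batch."""

    def __init__(self, n_features, lr=0.5):
        self.w, self.b, self.lr = [0.0] * n_features, 0.0, lr

    def probability(self, x):
        z = self.b + sum(wi * xi for wi, xi in zip(self.w, x))
        return 1.0 / (1.0 + math.exp(-z))

    def update(self, X, y, epochs=30):
        pos, n = sum(y), len(y)
        weight = {1: n / (2.0 * pos) if pos else 1.0, 0: n / (2.0 * (n - pos)) if n > pos else 1.0}
        for _ in range(epochs):
            grad_w, grad_b = [0.0] * len(self.w), 0.0
            for xi, yi in zip(X, y):
                err = (self.probability(xi) - yi) * weight[yi]   # class-weighted residual
                grad_w = [g + err * v for g, v in zip(grad_w, xi)]
                grad_b += err
            self.w = [wj - self.lr * g / n for wj, g in zip(self.w, grad_w)]
            self.b -= self.lr * grad_b / n


SYN, ACK, FIN, PSH = (TCP_FLAGS[k] for k in ("SYN", "ACK", "FIN", "PSH"))
TLS_HELLO = b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26\x03\x03" + b"\x00" * 32
CAPTURE = [  # constructed (timestamp, bytes, label); label 1 = suspicious
    (0.00, build_tcp_packet("192.168.1.10", "10.0.0.5", 51000, 443, SYN), 0),
    (0.01, build_tcp_packet("192.168.1.10", "10.0.0.5", 51000, 443, ACK), 0),
    (0.02, build_tcp_packet("192.168.1.10", "10.0.0.5", 51000, 443, PSH | ACK, TLS_HELLO), 0),
    (0.50, build_tcp_packet("192.168.1.10", "198.51.100.4", 51001, 443, SYN), 0),
    (0.52, build_tcp_packet("192.168.1.10", "198.51.100.4", 51001, 443, PSH | ACK, TLS_HELLO), 0),
    (0.60, build_tcp_packet("192.168.1.10", "198.51.100.4", 51002, 80, PSH | ACK,
                            b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"), 0),
    (0.70, build_tcp_packet("192.168.1.10", "10.0.0.5", 51000, 443, FIN | ACK), 0),
    (1.00, build_tcp_packet("192.168.1.10", "203.0.113.7", 51003, 80, PSH | ACK,
                            b"GET /update/installer.exe HTTP/1.1\r\nHost: bogus-update.example\r\n\r\n"), 1),
    (1.05, build_tcp_packet("192.168.1.10", "203.0.113.7", 51004, 80, PSH | ACK,
                            b"GET /dl/payload.dll HTTP/1.1\r\nHost: bogus-update.example\r\n\r\n"), 1),
    (1.10, build_tcp_packet("192.168.1.10", "203.0.113.8", 51005, 8080, PSH | ACK,
                            b"POST /gate.php HTTP/1.1\r\nHost: c2.example\r\n\r\n"), 1),
]


def train_demo(cycles=20):
    """Dissect the capture, run `cycles` incremental updates, return
    (model, packets, per-packet probabilities, training accuracy)."""
    packets, X, y, prev = [], [], [], CAPTURE[0][0]
    for number, (ts, raw, label) in enumerate(CAPTURE, start=1):
        pkt = dissect(number, ts, raw)
        packets.append(pkt); X.append(features(pkt, prev)); y.append(label); prev = ts
    model = WeightedLogisticRegression(len(X[0]))
    for _ in range(cycles):          # same batch re-fed; a real deployment feeds new packets
        model.update(X, y)
    probs = [model.probability(x) for x in X]
    accuracy = sum((p > 0.5) == bool(lab) for p, lab in zip(probs, y)) / len(y)
    return model, packets, probs, accuracy


if __name__ == "__main__":
    _, packets, probs, acc = train_demo()
    for pkt, p in zip(packets, probs):
        print(f"#{pkt['number']} {pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']} "
              f"flags=0x{pkt['flags']:02x} len={pkt['length']} p_suspicious={p:.2f}")
    print(f"training accuracy: {acc:.2f}")
```

The dissector is the part that carries over to real captures: feed it the IP layer of each frame from a pcap and it yields the same numeric and categorical fields the abstract describes, while `has_flags` is the filter for picking out SYN, ACK, FIN or RST packets before scoring. The model here is deliberately the simplest of the four compared in the paper; the accuracy it reports is on its own training data and says nothing about generalization, which is exactly why the paper holds out test data.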