Abstract
One of the main tasks of cybersecurity is recognizing malicious interactions with an arbitrary system. Currently, the logging information from each interaction can be collected in almost unrestricted amounts, but identifying attacks requires considerable effort and time from security experts. We propose an approach for identifying fraudulent activity by modeling normal behavior in interactions with a system via machine learning methods, in particular LSTM neural networks. In order to enrich the modeling with system-specific knowledge, we propose to use an interactive visual interface that allows security experts to identify semantically meaningful clusters of interactions. These clusters incorporate domain knowledge and lead to more precise behavior modeling via informed machine learning. We evaluate the proposed approach on a dataset containing logs of interactions with an administrative interface of a login and security server. Our empirical results indicate that the informed modeling is capable of capturing normal behavior, which can then be used to detect abnormal behavior.
Original language | English |
---|---|
Title of host publication | Proceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019, Workshop Volume |
Editors | Matthieu Roy, Yennun Huang |
Place of Publication | Piscataway NJ USA |
Publisher | IEEE, Institute of Electrical and Electronics Engineers |
Pages | 15-23 |
Number of pages | 9 |
ISBN (Electronic) | 9781728130309 |
Publication status | Published - 2019 |
Externally published | Yes |
Event | Workshop on Data-Centric Dependability and Security 2019, Portland, United States of America; Duration: 24 Jun 2019 → 24 Jun 2019; Conference number: 1st; http://dcds.lasige.di.fc.ul.pt/ |
Conference
Conference | Workshop on Data-Centric Dependability and Security 2019 |
---|---|
Abbreviated title | DCDS 2019 |
Country/Territory | United States of America |
City | Portland |
Period | 24/06/19 → 24/06/19 |
Keywords
- Clustering
- Cybersecurity
- Informed ML
- Knowledge injection
- Language models
- Visualization tools