The LeWiS method: target variable estimation using cyber security intelligence

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Information Technology plays an increasingly important role in the provision of essential services. For these systems and networks to be reliable and trustworthy, we must defend them from those who would seek to compromise their Confidentiality, Integrity and Availability. Security intelligence tells us about the Tactics, Techniques and Procedures used by threat actors for these very purposes. In this paper, we introduce a novel method for learning malicious behaviours and then estimating how likely it is that a system has been compromised. One of the difficulties encountered when applying machine learning to cyber security, is the lack of ground truth on which to train supervised techniques. This is often compounded by the volume, variety and velocity of data which is far greater than can be processed using only human analyses. The technique, known as LeWiS, includes data preparation and processing phases that learn and later predict the presence of threat actors using a model of their behaviours. The method addresses the problems of scale and veracity, by learning Indicators of Attack via feature extraction from security intelligence that has been obtained through empirical methods. This approach shows promising classification performance for detecting learned malicious behaviours, within synthesised systems' event data.
Original languageEnglish
Title of host publicationProceedings of WEBIST 2021
PublisherSciTePress
Publication statusAccepted for publication - 16 Jul 2021
EventInternational Conference on Web Information Systems and Technologies - Online
Duration: 26 Oct 202128 Oct 2021
Conference number: 17
http://www.webist.org/

Conference

ConferenceInternational Conference on Web Information Systems and Technologies
Abbreviated titleWEBIST
Period26/10/2128/10/21
Internet address

Keywords

  • cyber security
  • TTPs
  • STIX
  • estimation methods
  • threat intelligence
  • machine learning

Fingerprint

Dive into the research topics of 'The LeWiS method: target variable estimation using cyber security intelligence'. Together they form a unique fingerprint.

Cite this