The LeWiS method: target variable estimation using cyber security intelligence

Leigh Chase; Alaa Mohasseb; Benjamin Aziz

doi:10.5220/0010645000003058

The LeWiS method: target variable estimation using cyber security intelligence

Leigh Chase^*, Alaa Mohasseb, Benjamin Aziz

^*Corresponding author for this work

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

148 Downloads (Pure)

Abstract

Information Technology plays an increasingly important role in the provision of essential services. For these systems and networks to be reliable and trustworthy, we must defend them from those who would seek to compromise their Confidentiality, Integrity and Availability. Security intelligence tells us about the Tactics, Techniques and Procedures used by threat actors for these very purposes. In this paper, we introduce a novel method for learning malicious behaviours and then estimating how likely it is that a system has been compromised. One of the difficulties encountered when applying machine learning to cyber security, is the lack of ground truth on which to train supervised techniques. This is often compounded by the volume, variety and velocity of data which is far greater than can be processed using only human analyses. The technique, known as LeWiS, includes data preparation and processing phases that learn and later predict the presence of threat actors using a model of their behaviours. The method addresses the problems of scale and veracity, by learning Indicators of Attack via feature extraction from security intelligence that has been obtained through empirical methods. This approach shows promising classification performance for detecting learned malicious behaviours, within synthesised systems' event data.

Original language	English
Title of host publication	Proceedings of the 17th International Conference on Web Information Systems and Technologies - WEBIST 2021
Publisher	SciTePress
Pages	15-26
Number of pages	12
ISBN (Print)	9789897585364
DOIs	https://doi.org/10.5220/0010645000003058
Publication status	Published - 28 Oct 2021
Event	International Conference on Web Information Systems and Technologies - Online, Valletta, Malta Duration: 26 Oct 2021 → 28 Oct 2021 Conference number: 17 http://www.webist.org http://www.webist.org/

Publication series

Name	WEBSIT
Publisher	SciTePress
ISSN (Print)	2184-3252

Conference

Conference	International Conference on Web Information Systems and Technologies
Abbreviated title	WEBIST
Country/Territory	Malta
City	Valletta
Period	26/10/21 → 28/10/21
Internet address	http://www.webist.org http://www.webist.org/

Keywords

cyber security
TTPs
STIX
estimation methods
threat intelligence
machine learning

Access to Document

10.5220/0010645000003058

The_LeWiS_Method__Target_Variable_Estimation_using_Cyber_Security_Intelligence
This is the accepted manuscript of Chase, L.; Mohasseb, A. and Aziz, B. (2021). The LeWiS Method: Target Variable Estimation using Cyber Security Intelligence. In Proceedings of the 17th International Conference on Web Information Systems and Technologies - WEBIST, ISBN 978-989-758-536-4; ISSN 2184-3252, pages 15-26. DOI: 10.5220/0010645000003058.
Accepted author manuscript (Post-print), 670 KB

Cyber Threats Prediction Using Experience Sharing Model And Ensemble Learning Algorithms
Mohasseb, A. (PI) & Aziz, B. (CoI)
1/10/20 → 31/07/24
Project: Research

Cite this

@inproceedings{ef984f55dc954171ab7b8b645c520e4a,

title = "The LeWiS method: target variable estimation using cyber security intelligence",

abstract = "Information Technology plays an increasingly important role in the provision of essential services. For these systems and networks to be reliable and trustworthy, we must defend them from those who would seek to compromise their Confidentiality, Integrity and Availability. Security intelligence tells us about the Tactics, Techniques and Procedures used by threat actors for these very purposes. In this paper, we introduce a novel method for learning malicious behaviours and then estimating how likely it is that a system has been compromised. One of the difficulties encountered when applying machine learning to cyber security, is the lack of ground truth on which to train supervised techniques. This is often compounded by the volume, variety and velocity of data which is far greater than can be processed using only human analyses. The technique, known as LeWiS, includes data preparation and processing phases that learn and later predict the presence of threat actors using a model of their behaviours. The method addresses the problems of scale and veracity, by learning Indicators of Attack via feature extraction from security intelligence that has been obtained through empirical methods. This approach shows promising classification performance for detecting learned malicious behaviours, within synthesised systems' event data.",

keywords = "cyber security, TTPs, STIX, estimation methods, threat intelligence, machine learning",

author = "Leigh Chase and Alaa Mohasseb and Benjamin Aziz",

year = "2021",

month = oct,

day = "28",

doi = "10.5220/0010645000003058",

language = "English",

isbn = "9789897585364",

series = "WEBSIT",

publisher = "SciTePress",

pages = "15--26",

booktitle = "Proceedings of the 17th International Conference on Web Information Systems and Technologies - WEBIST 2021",

note = "International Conference on Web Information Systems and Technologies, WEBIST ; Conference date: 26-10-2021 Through 28-10-2021",

url = "http://www.webist.org, http://www.webist.org/",

}

Chase, L, Mohasseb, A & Aziz, B 2021, The LeWiS method: target variable estimation using cyber security intelligence. in Proceedings of the 17th International Conference on Web Information Systems and Technologies - WEBIST 2021. WEBSIT, SciTePress, pp. 15-26, International Conference on Web Information Systems and Technologies, Valletta, Malta, 26/10/21. https://doi.org/10.5220/0010645000003058

TY - GEN

T1 - The LeWiS method: target variable estimation using cyber security intelligence

AU - Chase, Leigh

AU - Mohasseb, Alaa

AU - Aziz, Benjamin

N1 - Conference code: 17

PY - 2021/10/28

Y1 - 2021/10/28

N2 - Information Technology plays an increasingly important role in the provision of essential services. For these systems and networks to be reliable and trustworthy, we must defend them from those who would seek to compromise their Confidentiality, Integrity and Availability. Security intelligence tells us about the Tactics, Techniques and Procedures used by threat actors for these very purposes. In this paper, we introduce a novel method for learning malicious behaviours and then estimating how likely it is that a system has been compromised. One of the difficulties encountered when applying machine learning to cyber security, is the lack of ground truth on which to train supervised techniques. This is often compounded by the volume, variety and velocity of data which is far greater than can be processed using only human analyses. The technique, known as LeWiS, includes data preparation and processing phases that learn and later predict the presence of threat actors using a model of their behaviours. The method addresses the problems of scale and veracity, by learning Indicators of Attack via feature extraction from security intelligence that has been obtained through empirical methods. This approach shows promising classification performance for detecting learned malicious behaviours, within synthesised systems' event data.

AB - Information Technology plays an increasingly important role in the provision of essential services. For these systems and networks to be reliable and trustworthy, we must defend them from those who would seek to compromise their Confidentiality, Integrity and Availability. Security intelligence tells us about the Tactics, Techniques and Procedures used by threat actors for these very purposes. In this paper, we introduce a novel method for learning malicious behaviours and then estimating how likely it is that a system has been compromised. One of the difficulties encountered when applying machine learning to cyber security, is the lack of ground truth on which to train supervised techniques. This is often compounded by the volume, variety and velocity of data which is far greater than can be processed using only human analyses. The technique, known as LeWiS, includes data preparation and processing phases that learn and later predict the presence of threat actors using a model of their behaviours. The method addresses the problems of scale and veracity, by learning Indicators of Attack via feature extraction from security intelligence that has been obtained through empirical methods. This approach shows promising classification performance for detecting learned malicious behaviours, within synthesised systems' event data.

KW - cyber security

KW - TTPs

KW - STIX

KW - estimation methods

KW - threat intelligence

KW - machine learning

U2 - 10.5220/0010645000003058

DO - 10.5220/0010645000003058

M3 - Conference contribution

SN - 9789897585364

T3 - WEBSIT

SP - 15

EP - 26

BT - Proceedings of the 17th International Conference on Web Information Systems and Technologies - WEBIST 2021

PB - SciTePress

T2 - International Conference on Web Information Systems and Technologies

Y2 - 26 October 2021 through 28 October 2021

ER -

The LeWiS method: target variable estimation using cyber security intelligence

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Projects

Cyber Threats Prediction Using Experience Sharing Model And Ensemble Learning Algorithms

Cite this