The LeWiS method: target variable estimation using cyber security intelligence

Leigh Chase, Alaa Mohasseb, Benjamin Aziz

Research output: Chapter in Book/Report/Conference proceedingConference contribution

74 Downloads (Pure)


Information Technology plays an increasingly important role in the provision of essential services. For these systems and networks to be reliable and trustworthy, we must defend them from those who would seek to compromise their Confidentiality, Integrity and Availability. Security intelligence tells us about the Tactics, Techniques and Procedures used by threat actors for these very purposes. In this paper, we introduce a novel method for learning malicious behaviours and then estimating how likely it is that a system has been compromised. One of the difficulties encountered when applying machine learning to cyber security, is the lack of ground truth on which to train supervised techniques. This is often compounded by the volume, variety and velocity of data which is far greater than can be processed using only human analyses. The technique, known as LeWiS, includes data preparation and processing phases that learn and later predict the presence of threat actors using a model of their behaviours. The method addresses the problems of scale and veracity, by learning Indicators of Attack via feature extraction from security intelligence that has been obtained through empirical methods. This approach shows promising classification performance for detecting learned malicious behaviours, within synthesised systems' event data.
Original languageEnglish
Title of host publicationProceedings of the 17th International Conference on Web Information Systems and Technologies - WEBIST 2021
Number of pages12
ISBN (Print)9789897585364
Publication statusPublished - 28 Oct 2021
EventInternational Conference on Web Information Systems and Technologies - Online, Valletta, Malta
Duration: 26 Oct 202128 Oct 2021
Conference number: 17

Publication series

ISSN (Print)2184-3252


ConferenceInternational Conference on Web Information Systems and Technologies
Abbreviated titleWEBIST
Internet address


  • cyber security
  • TTPs
  • STIX
  • estimation methods
  • threat intelligence
  • machine learning


Dive into the research topics of 'The LeWiS method: target variable estimation using cyber security intelligence'. Together they form a unique fingerprint.

Cite this