Analyst intuition based Hidden Markov model on high speed, Temporal Cyber Security Big Data

Teoh, T.T., Nguwi, Y.Y., Elovici, Yuval, Cheung, N.M., and Ng, W.L. (2017) Analyst intuition based Hidden Markov model on high speed, Temporal Cyber Security Big Data. In: Proceedings of the 13th International Conference on Natural Computation, Fuzzy Systems and Knowledge Discovery (ICNC-FSKD). pp. 2080-2083. From: 13th International Conference on Natural Computation, Fuzzy System and Knowledge Discovery (ICNC-FSKD 2017), 29-31 July 2017, Guilin, China.

[img] PDF (Published Version) - Published Version
Restricted to Repository staff only

View at Publisher Website: https://doi.org/10.1109/FSKD.2017.839309...
 
3


Abstract

Hidden Markov Models (HMM) are probabilistic models that can be used for forecasting time series data. It has seen success in various domains like finance [1-5], bioinformatics [6-8], healthcare [9-11], agriculture [12-14], artificial intelligence[15-17]. However, the use of HMM in cyber security found to date is numbered. We believe the properties of HMM being predictive, probabilistic, and its ability to model different naturally occurring states form a good basis to model cyber security data. It is hence the motivation of this work to provide the initial results of our attempts to predict security attacks using HMM. A large network datasets representing cyber security attacks have been used in this work to establish an expert system. The characteristics of attacker's IP addresses can be extracted from our integrated datasets to generate statistical data. The cyber security expert provides the weight of each attribute and forms a scoring system by annotating the log history. We applied HMM to distinguish between a cyber security attack, unsure and no attack by first breaking the data into 3 cluster using Fuzzy K mean (FKM), then manually label a small data (Analyst Intuition) and finally use HMM state-based approach. By doing so, our results are very encouraging as compare to finding anomaly in a cyber security log, which generally results in creating huge amount of false detection.

Item ID: 50164
Item Type: Conference Item (Research - E1)
ISBN: 978-1-5386-2165-3
Date Deposited: 03 Apr 2019 22:55
FoR Codes: 08 INFORMATION AND COMPUTING SCIENCES > 0899 Other Information and Computing Sciences > 089999 Information and Computing Sciences not elsewhere classified @ 100%
SEO Codes: 89 INFORMATION AND COMMUNICATION SERVICES > 8999 Other Information and Communication Services > 899999 Information and Communication Services not elsewhere classified @ 100%
Downloads: Total: 3
More Statistics

Actions (Repository Staff Only)

Item Control Page Item Control Page