Host in Danger? Detecting Network Intrusions from Authentication Logs
Haibo Bian, Tim Bai, M. A. Salahuddin, Noura Limam, Abbas Abou Daya, R. Boutaba
2019 15th International Conference on Network and Service Management (CNSM), published 2019-10-01
DOI: 10.23919/CNSM46954.2019.9012700 (https://doi.org/10.23919/CNSM46954.2019.9012700)
Citations: 9
Abstract
Recently, network infiltrations due to advanced persistent threats (APTs) have grown significantly, resulting in considerable losses to businesses and organizations. APTs are stealthy attacks with the primary objective of gaining unauthorized access to network assets. They often remain dormant for an extended period of time, which makes their detection challenging. In this paper, we leverage machine learning (ML) to detect hosts in a network that are targeted by an APT attack. We evaluate a number of ML classifiers to detect susceptible hosts in the Los Alamos National Lab dataset. We explore (i) graph-based features extracted from multiple data sources i.e., network flows and host authentication logs, (ii) feature engineering to reduce dimensionality, and (iii) balancing the training dataset using numerous over- and under-sampling techniques. Finally, we compare our model to the state-of-the-art approaches that leverage the same dataset, and show that our model outperforms them with respect to prediction performance and overhead.
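The abstract describes the pipeline only at a high level: turn authentication events into a host graph, derive per-host features, label hosts hit by the red team, and rebalance the (very skewed) training set before fitting a classifier. The following is an added example, not the authors' code and not the paper's feature set. It uses the column layout of the public LANL "Comprehensive, Multi-Source Cyber-Security Events" files (auth.txt: time, source user@domain, destination user@domain, source computer, destination computer, authentication type, logon type, authentication orientation, success/failure; redteam.txt: time, user@domain, source computer, destination computer), but the log lines themselves are constructed. The features (in/out degree, distinct authenticating users, failure ratio, NTLM count) are an illustrative choice, and the balancing step is plain random over-sampling of the minority class, one of the simplest of the techniques the abstract alludes to.

```python
"""Host-level graph features from LANL-style authentication logs.

Added example, not the paper's code. Column layout follows the public LANL
auth.txt / redteam.txt files; the log lines below are constructed.
"""
import random
from collections import defaultdict

# Constructed auth.txt-style records (not real LANL data).
AUTH_LOG = """\
1,U1@DOM1,U1@DOM1,C1,C2,Kerberos,Network,LogOn,Success
2,U2@DOM1,U2@DOM1,C3,C2,Kerberos,Network,LogOn,Success
3,U3@DOM1,U3@DOM1,C1,C4,NTLM,Network,LogOn,Fail
4,U3@DOM1,U3@DOM1,C1,C4,NTLM,Network,LogOn,Fail
5,U3@DOM1,U3@DOM1,C1,C4,NTLM,Network,LogOn,Success
6,U4@DOM1,U4@DOM1,C5,C6,Kerberos,Network,LogOn,Success
7,U1@DOM1,U1@DOM1,C2,C7,Kerberos,Network,LogOn,Success
8,U5@DOM1,U5@DOM1,C4,C7,NTLM,Network,LogOn,Fail
"""

# Constructed redteam.txt-style record: time,user@domain,src_computer,dst_computer
REDTEAM_LOG = "3,U3@DOM1,C1,C4\n"

AUTH_FIELDS = ("time", "src_user", "dst_user", "src_computer", "dst_computer",
               "auth_type", "logon_type", "auth_orientation", "result")
FEATURE_ORDER = ("in_degree", "out_degree", "distinct_users",
                 "auth_in", "fail_in", "fail_ratio", "ntlm_in")


def parse_auth(text):
    """Parse auth.txt-style lines into dicts; malformed lines are dropped."""
    rows = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != len(AUTH_FIELDS):
            continue  # a truncated record must not corrupt the graph
        rows.append(dict(zip(AUTH_FIELDS, parts)))
    return rows


def host_features(rows):
    """Per-host features from the authentication graph.

    Nodes are computers, each authentication is a directed edge
    src_computer -> dst_computer. Illustrative feature set, not the paper's.
    """
    in_src, out_dst, in_users = defaultdict(set), defaultdict(set), defaultdict(set)
    in_total, in_fail, in_ntlm = defaultdict(int), defaultdict(int), defaultdict(int)
    hosts = set()
    for r in rows:
        s, d = r["src_computer"], r["dst_computer"]
        hosts.update((s, d))
        in_src[d].add(s)               # who authenticates into d
        out_dst[s].add(d)              # where s authenticates to
        in_users[d].add(r["src_user"])
        in_total[d] += 1
        in_fail[d] += r["result"] != "Success"
        in_ntlm[d] += r["auth_type"] == "NTLM"
    feats = {}
    for h in sorted(hosts):
        total = in_total[h]
        feats[h] = {
            "in_degree": len(in_src[h]),
            "out_degree": len(out_dst[h]),
            "distinct_users": len(in_users[h]),
            "auth_in": total,
            "fail_in": in_fail[h],
            "fail_ratio": in_fail[h] / total if total else 0.0,
            "ntlm_in": in_ntlm[h],
        }
    return feats


def redteam_targets(text):
    """Destination computers named in redteam.txt-style lines."""
    return {p[3] for p in (l.strip().split(",") for l in text.splitlines()) if len(p) == 4}


def build_dataset(auth_text, redteam_text):
    """Return (hosts, feature rows, labels); label 1 = host targeted by red team."""
    feats = host_features(parse_auth(auth_text))
    targets = redteam_targets(redteam_text)
    hosts = list(feats)
    X = [[feats[h][k] for k in FEATURE_ORDER] for h in hosts]
    y = [int(h in targets) for h in hosts]
    return hosts, X, y


def random_oversample(X, y, seed=0):
    """Duplicate minority-class rows at random until all classes match the majority size."""
    rng = random.Random(seed)
    by_class = defaultdict(list)
    for xi, yi in zip(X, y):
        by_class[yi].append(xi)
    if len(by_class) < 2:
        return list(X), list(y)
    target = max(len(v) for v in by_class.values())
    Xb, yb = [], []
    for label, items in by_class.items():
        Xb.extend(items)
        yb.extend([label] * len(items))
        for _ in range(target - len(items)):
            Xb.append(list(rng.choice(items)))
            yb.append(label)
    return Xb, yb


if __name__ == "__main__":
    hosts, X, y = build_dataset(AUTH_LOG, REDTEAM_LOG)
    for h, row, label in zip(hosts, X, y):
        print(h, dict(zip(FEATURE_ORDER, row)), "target" if label else "")
    Xb, yb = random_oversample(X, y)
    print(f"before: {sum(y)}/{len(y)} positive; after: {sum(yb)}/{len(yb)} positive")
```

Two practical points that the example makes visible: a host can be a positive with a single source computer and user behind it (C4 here), so degree alone is a weak signal and failure counts carry much of the information; and over-sampling must be applied to the training split only, after the split, otherwise duplicated minority rows leak into the test set and inflate recall. Features should likewise be computed from a window that precedes the red-team events they are meant to predict.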