Kai Steverson, Caleb Carlin, Jonathan Mullin, Metin B. Ahiskali
DOI: 10.1109/ICMCIS52405.2021.9486307 (https://doi.org/10.1109/ICMCIS52405.2021.9486307)
Published in: 2021 International Conference on Military Communication and Information Systems (ICMCIS), publication date 2021-05-04
Citation count (Semantic Scholar): 3
Cyber Intrusion Detection using Natural Language Processing on Windows Event Logs
This paper applies deep learning and natural language processing to Windows Event Logs for the purpose of detecting cyber attacks. Data is collected from an emulated network that models an enterprise network. The network experiences a cyber attack that uses a spear phishing email and the EternalBlue exploit to spread botnet malware. A machine learning anomaly detection algorithm is constructed using the transformer model and self-supervised training. The model is able to detect both the compromised devices and the attack timing with near perfect precision and recall. These results suggest that this approach could function as the detection portion of an autonomous endpoint defense system wherein each device is able to react independently to potential intrusions.