Host in Danger? Detecting Network Intrusions from Authentication Logs

Haibo Bian, Tim Bai, M. A. Salahuddin, Noura Limam, Abbas Abou Daya, R. Boutaba
Published in: 2019 15th International Conference on Network and Service Management (CNSM), October 2019
DOI: 10.23919/CNSM46954.2019.9012700 (https://doi.org/10.23919/CNSM46954.2019.9012700)
Citations: 9

Abstract

Recently, network infiltrations due to advanced persistent threats (APTs) have grown significantly, resulting in considerable losses to businesses and organizations. APTs are stealthy attacks with the primary objective of gaining unauthorized access to network assets. They often remain dormant for an extended period of time, which makes their detection challenging. In this paper, we leverage machine learning (ML) to detect hosts in a network that are targeted by an APT attack. We evaluate a number of ML classifiers to detect susceptible hosts in the Los Alamos National Lab dataset. We explore (i) graph-based features extracted from multiple data sources i.e., network flows and host authentication logs, (ii) feature engineering to reduce dimensionality, and (iii) balancing the training dataset using numerous over- and under-sampling techniques. Finally, we compare our model to the state-of-the-art approaches that leverage the same dataset, and show that our model outperforms them with respect to prediction performance and overhead.
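The abstract says the model works on graph-based features derived from host authentication logs (among other sources) and on a training set rebalanced by over- and under-sampling. The block below is an added illustration of that pipeline, written for this page; it is not the authors' code, and the feature set, the labelling rule and the sampler are choices made here, not the paper's. It assumes the comma-separated layouts of the public LANL `auth.txt` (time, source user, destination user, source host, destination host, auth type, logon type, orientation, outcome) and `redteam.txt` (time, user, source host, destination host) files; the log lines themselves are constructed for the example. Each host becomes a node of a directed authentication graph (source host to destination host), per-node features are read off that graph, a host is labelled "targeted" when it is the destination of a red-team event, and the benign majority is randomly under-sampled to match the targeted class.

```python
"""Per-host graph features from LANL-style authentication logs (illustration, not the paper's code)."""
from collections import defaultdict
import random

# Constructed sample lines in the assumed layout of LANL auth.txt:
# time,src_user@domain,dst_user@domain,src_host,dst_host,auth_type,logon_type,orientation,outcome
AUTH_LOG = """\
1,U1@DOM1,U1@DOM1,C1,C2,Kerberos,Network,LogOn,Success
2,U2@DOM1,U2@DOM1,C3,C2,Kerberos,Network,LogOn,Success
3,U1@DOM1,U1@DOM1,C1,C4,NTLM,Network,LogOn,Fail
4,U1@DOM1,U1@DOM1,C1,C4,NTLM,Network,LogOn,Success
5,U3@DOM1,U3@DOM1,C5,C4,Kerberos,Network,LogOn,Success
6,U4@DOM1,U4@DOM1,C6,C2,Kerberos,Network,LogOn,Success
7,U2@DOM1,U2@DOM1,C3,C7,Kerberos,Network,LogOn,Success
"""

# Constructed sample line in the assumed layout of LANL redteam.txt:
# time,user@domain,src_host,dst_host
REDTEAM = """\
3,U1@DOM1,C1,C4
"""


def parse_auth(text):
    """Parse auth lines into dicts; auth/logon type and orientation are kept but unused here."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, su, du, sh, dh, atype, ltype, orient, outcome = line.split(",")
        rows.append(dict(time=int(t), src_user=su, dst_user=du, src_host=sh,
                         dst_host=dh, auth_type=atype, logon_type=ltype,
                         orientation=orient, outcome=outcome))
    return rows


def targeted_hosts(text):
    """Label rule assumed here: a host is 'targeted' if it is the destination of a red-team event."""
    hosts = set()
    for line in text.splitlines():
        if line.strip():
            _, _, _, dst_host = line.split(",")
            hosts.add(dst_host)
    return hosts


def host_features(rows):
    """Build the directed graph src_host -> dst_host and derive per-host features from it."""
    in_nbrs = defaultdict(set)   # dst host -> distinct source hosts authenticating to it
    out_nbrs = defaultdict(set)  # src host -> distinct destination hosts it authenticates to
    users = defaultdict(set)     # host -> distinct accounts seen on it (either side)
    inbound = defaultdict(int)   # host -> number of inbound authentication events
    fails = defaultdict(int)     # host -> number of failed inbound authentications
    for r in rows:
        s, d = r["src_host"], r["dst_host"]
        in_nbrs[d].add(s)
        out_nbrs[s].add(d)
        users[s].add(r["src_user"])
        users[d].add(r["dst_user"])
        inbound[d] += 1
        if r["outcome"] != "Success":
            fails[d] += 1
    feats = {}
    for h in set(in_nbrs) | set(out_nbrs):
        n = inbound[h]
        feats[h] = {
            "in_degree": len(in_nbrs[h]),
            "out_degree": len(out_nbrs[h]),
            "distinct_users": len(users[h]),
            "inbound_events": n,
            "fail_ratio": fails[h] / n if n else 0.0,
        }
    return feats


def build_dataset(auth_text, redteam_text):
    """Return (host, feature dict, label) triples, label 1 = targeted, sorted by host name."""
    feats = host_features(parse_auth(auth_text))
    targets = targeted_hosts(redteam_text)
    return [(h, f, int(h in targets)) for h, f in sorted(feats.items())]


def undersample(dataset, seed=0):
    """Random under-sampling of the benign majority class down to the size of the targeted class."""
    pos = [d for d in dataset if d[2] == 1]
    neg = [d for d in dataset if d[2] == 0]
    rng = random.Random(seed)  # fixed seed so the split is reproducible
    if pos and len(neg) > len(pos):
        neg = rng.sample(neg, len(pos))
    return pos + neg


if __name__ == "__main__":
    for host, f, label in build_dataset(AUTH_LOG, REDTEAM):
        print(host, label, f)
    print("balanced size:", len(undersample(build_dataset(AUTH_LOG, REDTEAM))))
```

On the constructed sample, C4 is the only targeted host: it has two distinct inbound source hosts and the only failed authentication, so its `fail_ratio` is 1/3 while every other host's is 0. With seven hosts and one positive, the under-sampled training set has two rows; on the real dataset the same imbalance is far more extreme, which is why the abstract treats rebalancing as a first-class step.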