research-article

Joint prediction on security event and time interval through deep learning

Published: 01 June 2022

Abstract

Sophisticated attacks in cyberspace have recently occurred frequently, causing severe damage to the Internet. Predicting potential threats can help security engineers deploy corresponding defenses in advance to reduce the damage, so threat prediction has recently drawn attention in the community. Previous works used only historical security event sequences to predict the subsequent event with a recurrent neural network (RNN), yielding inaccurate results when the input sequence is corrupted by false reports from underlying detection logs. In this paper, we develop a joint predictor for security events and time intervals through attention-based LSTM (Long Short-Term Memory). To improve event prediction performance on corrupted input sequences, the time intervals between events are incorporated into the input tuple, providing more distinguishing features. Moreover, a time discretization method is proposed to transform the skewed, long-tail dwell time distribution into a predictable distribution of the time interval. In addition, the joint optimization function enables the model to simultaneously predict the occurrence time of the next event, which helps security managers select appropriate defenses. Our model is shown to be effective on four real-world datasets, outperforming previous methods on both event and time prediction. The empirical results also validate the model’s stability.

Published In

Computers and Security, Volume 117, Issue C
Jun 2022
328 pages

Publisher

Elsevier Advanced Technology Publications

United Kingdom

Author Tags

  1. Security event
  2. Attack prediction
  3. Time prediction
  4. Deep learning
  5. Security management

Qualifiers

  • Research-article
