| Name: | Description: | Size: | Format: | |
|---|---|---|---|---|
| 3.17 MB | Adobe PDF |
Authors
Abstract(s)
In recent years, the world has witnessed a dramatic increase in cyberattacks. The threat
landscape is evolving unprecedentedly, leaving organizations vulnerable to cyberattacks. Intrusion
Detection Systems (IDS) aim to protect and monitor the threatened networks. IDSs must evolve faster
than attackers to defend current systems consistently and robustly.
The main goal of this work is to show the benefits of including Microsoft (MS) Windows Events
(MSWEs) in current IDSs, taking advantage of the full range of data types. MSWEs provide an in-depth
representation of the behaviour of MS Windows machines. This system implements the dynamic
extraction of both host and network features. The only user-defined instruction for feature extraction is
the total number of features to extract. In addition, the system selects a fixed set of host and network
features. The clustering process comprises three clustering algorithms working simultaneously to detect
outliers. The system also explores four methods for outlier detection to overcome the difficulty of
detecting multiple victims in the same attack.
The proposed system is then evaluated with a public artificial dataset containing both data types.
The evaluation metrics achieved by the different outlier detection metrics are then compared to similar
approaches to demonstrate the benefits of including MSWEs in the system. The results show an
increase of the F-score by 3%, recall by 5%, and the same precision compared with the best-performing
similar approach. The results achieved by the proposed system emphasise the contributions offered by
this work to the field of IDSs.
Description
Keywords
Cybersecurity Machine learning Intrusion Detection System Security Analytics NetFlow Logs.