Julien Michel

Metrics for community dynamics applied to unsupervised attacks detection

By Julien Michel, Pierre Parrend

2023-06-01

In Rencontres des jeunes chercheurs en intelligence artificielle

Abstract

Attack detection in large networks has become a necessity. Yet, with the ever-changing threat landscape and the massive amount of data to handle, network intrusion detection systems (NIDS) end up being obsolete. Different machine-learning-based solutions have been developed to address the detection problem for data with evolving statistical distributions. However, no approach has proved to be both scalable and robust over time. In this paper, we propose a scalable and unsupervised approach to detect behavioral patterns without prior knowledge of the nature of attacks. For this purpose, we define novel metrics for graph community dynamics and use them as features with an unsupervised detection algorithm on the UGR’16 dataset. The proposed approach improves existing detection algorithms by 285.56% in precision and 222.82% in recall when compared to usual feature extraction (FE) using isolation forest.


Graph-based intelligent cyber threat detection system

By Julien Michel, Pierre Parrend

0000-01-01

In Handbook of AI-driven threat detection and prevention: A holistic approach to security

Abstract

In the wake of the generalised spread of machine learning approaches, attackers are actively considering those approaches to avoid being detected. Classification models for attack detection are foremost composed of feature-driven algorithms. Thus, primary features, which are the individual dimensions of the original attributes of the data in the input space, are a prime target for compromising an AI-driven model. Additionally, adversarial examples have shown that an attacker does not need knowledge of the detection criteria to compromise a detection model, even in the case of a black-box model. Changes in attack behaviour cause the features of attack data points to be altered and detection performance to drop. Thus, robust features must be engineered to prevent models from being compromised in such a manner. Graph-based feature engineering has recently shown promising results for robust threat detection. We offer an overview of methods for graph-based feature extraction and explain why they are relevant to robust feature engineering for threat detection. We detail what we consider the properties a feature space must have to be sustainable and efficient for prolonged exploitation in security operations centres. Specifically, we provide key criteria for the robustness of a feature space for attack detection. Finally, we summarize the characteristics of time-robust feature selection and identify current limitations specific to the distinctive types of graph-based approaches for the purpose of threat detection in large internet networks.
