DeepTaskAPT: Insider APT detection using Task-tree based Deep Learning
- URL: http://arxiv.org/abs/2108.13989v1
- Date: Tue, 31 Aug 2021 17:22:34 GMT
- Title: DeepTaskAPT: Insider APT detection using Task-tree based Deep Learning
- Authors: Mohammad Mamun and Kevin Shi
- Abstract summary: This paper proposes a heterogeneous task-tree based deep learning method to construct a baseline model based on sequences of tasks.
Rather than applying the model to sequential log entries directly, DeepTaskAPT applies a process tree based task generation method.
To the best of our knowledge, this is the very first attempt at using the recently introduced OpTC dataset for cyber threat detection.
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: APT, known as Advanced Persistent Threat, is a difficult challenge for cyber
defence. These threats make many traditional defences ineffective as the
vulnerabilities exploited by these threats are insiders who have access to and
are within the network. This paper proposes DeepTaskAPT, a heterogeneous
task-tree based deep learning method to construct a baseline model based on
sequences of tasks using a Long Short-Term Memory (LSTM) neural network that
can be applied across different users to identify anomalous behaviour. Rather
than applying the model to sequential log entries directly, as most current
approaches do, DeepTaskAPT applies a process tree based task generation method
to generate sequential log entries for the deep learning model. To assess the
performance of DeepTaskAPT, we use a recently released synthetic dataset, DARPA
Operationally Transparent Computing (OpTC) dataset and a real-world dataset,
Los Alamos National Laboratory (LANL) dataset. Both of them are composed of
host-based data collected from sensors. Our results show that DeepTaskAPT
outperforms similar approaches, e.g. DeepLog, and the DeepTaskAPT baseline model
demonstrates its capability to detect malicious traces in various attack
scenarios while having high accuracy and low false-positive rates. To the best
of our knowledge, this is the very first attempt at using the recently introduced
OpTC dataset for cyber threat detection.
Related papers
- On Technique Identification and Threat-Actor Attribution using LLMs and Embedding Models [37.81839740673437]
This research evaluates large language models (LLMs) for cyber-attack attribution based on behavioral indicators extracted from forensic documentation.
Our framework then identifies TTPs from text using vector embedding search and builds profiles to attribute new attacks for a machine learning model to learn.
arXiv Detail & Related papers (2025-05-15T04:14:29Z)
- Task-Agnostic Detector for Insertion-Based Backdoor Attacks [53.77294614671166]
We introduce TABDet (Task-Agnostic Backdoor Detector), a pioneering task-agnostic method for backdoor detection.
TABDet leverages final layer logits combined with an efficient pooling technique, enabling unified logit representation across three prominent NLP tasks.
TABDet can jointly learn from diverse task-specific models, demonstrating superior detection efficacy over traditional task-specific methods.
arXiv Detail & Related papers (2024-03-25T20:12:02Z)
- TEN-GUARD: Tensor Decomposition for Backdoor Attack Detection in Deep Neural Networks [3.489779105594534]
We introduce a novel approach to backdoor detection using two tensor decomposition methods applied to network activations.
This has a number of advantages relative to existing detection methods, including the ability to analyze multiple models at the same time.
Results show that our method detects backdoored networks more accurately and efficiently than current state-of-the-art methods.
arXiv Detail & Related papers (2024-01-06T03:08:28Z)
- Task-Distributionally Robust Data-Free Meta-Learning [99.56612787882334]
Data-Free Meta-Learning (DFML) aims to efficiently learn new tasks by leveraging multiple pre-trained models without requiring their original training data.
For the first time, we reveal two major challenges hindering their practical deployments: Task-Distribution Shift (TDS) and Task-Distribution Corruption (TDC).
arXiv Detail & Related papers (2023-11-23T15:46:54Z)
- A Geometrical Approach to Evaluate the Adversarial Robustness of Deep Neural Networks [52.09243852066406]
Adversarial Converging Time Score (ACTS) measures the converging time as an adversarial robustness metric.
We validate the effectiveness and generalization of the proposed ACTS metric against different adversarial attacks on the large-scale ImageNet dataset.
arXiv Detail & Related papers (2023-10-10T09:39:38Z)
- NetSentry: A Deep Learning Approach to Detecting Incipient Large-scale Network Attacks [9.194664029847019]
We show how to use Machine Learning for Network Intrusion Detection (NID) in a principled way.
We propose NetSentry, perhaps the first of its kind NIDS that builds on Bi-ALSTM, an original ensemble of sequential neural models.
We demonstrate F1 score gains above 33% over the state-of-the-art, as well as up to 3 times higher rates of detecting attacks such as XSS and web bruteforce.
arXiv Detail & Related papers (2022-02-20T17:41:02Z)
- SOME/IP Intrusion Detection using Deep Learning-based Sequential Models in Automotive Ethernet Networks [2.3204135551124407]
Intrusion Detection Systems are widely used to detect cyberattacks.
We present a deep learning-based sequential model for offline intrusion detection on SOME/IP protocol.
arXiv Detail & Related papers (2021-08-04T09:58:06Z)
- Edge-Detect: Edge-centric Network Intrusion Detection using Deep Neural Network [0.0]
Edge nodes are crucial for detection against multitudes of cyber attacks on Internet-of-Things endpoints.
We develop a novel light, fast and accurate 'Edge-Detect' model, which detects Denial of Service attack on edge nodes using DLM techniques.
arXiv Detail & Related papers (2021-02-03T04:24:34Z)
- Bayesian Optimization with Machine Learning Algorithms Towards Anomaly Detection [66.05992706105224]
In this paper, an effective anomaly detection framework is proposed utilizing Bayesian Optimization technique.
The performance of the considered algorithms is evaluated using the ISCX 2012 dataset.
Experimental results show the effectiveness of the proposed framework in term of accuracy rate, precision, low-false alarm rate, and recall.
arXiv Detail & Related papers (2020-08-05T19:29:35Z)
- Cassandra: Detecting Trojaned Networks from Adversarial Perturbations [92.43879594465422]
In many cases, pre-trained models are sourced from vendors who may have disrupted the training pipeline to insert Trojan behaviors into the models.
We propose a method to verify if a pre-trained model is Trojaned or benign.
Our method captures fingerprints of neural networks in the form of adversarial perturbations learned from the network gradients.
arXiv Detail & Related papers (2020-07-28T19:00:40Z)
- Rectified Linear Postsynaptic Potential Function for Backpropagation in Deep Spiking Neural Networks [55.0627904986664]
Spiking Neural Networks (SNNs) use temporal spike patterns to represent and transmit information, which is not only biologically realistic but also suitable for ultra-low-power event-driven neuromorphic implementation.
This paper investigates the contribution of spike timing dynamics to information encoding, synaptic plasticity and decision making, providing a new perspective to design of future DeepSNNs and neuromorphic hardware systems.
arXiv Detail & Related papers (2020-03-26T11:13:07Z)
- A Deep Unsupervised Feature Learning Spiking Neural Network with Binarized Classification Layers for EMNIST Classification using SpykeFlow [0.0]
Unsupervised learning technique of spike timing dependent plasticity (STDP) using binary activations are used to extract features from spiking input data.
The accuracies obtained for the balanced EMNIST data set compare favorably with other approaches.
arXiv Detail & Related papers (2020-02-26T23:47:35Z)
This list is automatically generated from the titles and abstracts of the papers in this site.