A Review of Topological Data Analysis for Cybersecurity
- URL: http://arxiv.org/abs/2202.08037v1
- Date: Wed, 16 Feb 2022 13:03:52 GMT
- Title: A Review of Topological Data Analysis for Cybersecurity
- Authors: Thomas Davies
- Abstract summary: Topological Data Analysis (TDA) studies the high level structure of data using techniques from algebraic topology.
We hope to highlight to researchers a promising new area with strong potential to improve cybersecurity data science.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: In cybersecurity it is often the case that malicious or anomalous activity
can only be detected by combining many weak indicators of compromise, any one
of which may not raise suspicion when taken alone. The path that such
indicators take can also be critical. This makes the problem of analysing
cybersecurity data particularly well suited to Topological Data Analysis (TDA),
a field that studies the high level structure of data using techniques from
algebraic topology, both for exploratory analysis and as part of a machine
learning workflow. By introducing TDA and reviewing the work done on its
application to cybersecurity, we hope to highlight to researchers a promising
new area with strong potential to improve cybersecurity data science.
Related papers
- Enhancing Cyber Security through Predictive Analytics: Real-Time Threat Detection and Response
  The study uses a dataset from Kaggle with 2000 instances of network traffic and security events.
  The findings show that predictive analytics enhance the vigilance of threats and response time.
  This paper advocates for predictive analytics as an essential component for developing preventative cyber security strategies.
  arXiv Detail & Related papers (2024-07-15T16:11:34Z)
- Systematic review, analysis, and characterisation of malicious industrial network traffic datasets for aiding Machine Learning algorithm performance testing
  This paper systematically reviews publicly available network traffic capture-based datasets.
  It includes categorisation of contained attack types, review of metadata, and statistical as well as complexity analysis.
  It provides researchers with metadata that can be used to select the best dataset for their research question.
  arXiv Detail & Related papers (2024-05-08T07:48:40Z)
- It Is Time To Steer: A Scalable Framework for Analysis-driven Attack Graph Generation
  Attack Graphs (AGs) represent the best-suited solution to model and analyze multi-step attacks on computer networks.
  This paper introduces an analysis-driven framework for AG generation.
  It enables real-time attack path analysis before the completion of the AG generation, with a quantifiable statistical significance.
  arXiv Detail & Related papers (2023-12-27T10:44:58Z)
- Progressing from Anomaly Detection to Automated Log Labeling and Pioneering Root Cause Analysis
  This study introduces a taxonomy for log anomalies and explores automated data labeling to mitigate labeling challenges.
  The study envisions a future where root cause analysis follows anomaly detection, unraveling the underlying triggers of anomalies.
  arXiv Detail & Related papers (2023-12-22T15:04:20Z)
- Stepping out of Flatland: Discovering Behavior Patterns as Topological Structures in Cyber Hypergraphs
  We present a novel framework based in the theory of hypergraphs and topology to understand data from cyber networks.
  We will demonstrate concrete examples in a large-scale cyber network dataset.
  arXiv Detail & Related papers (2023-11-08T00:00:33Z)
- Few-shot Weakly-supervised Cybersecurity Anomaly Detection
  We propose an enhancement to an existing few-shot weakly-supervised deep learning anomaly detection framework.
  This framework incorporates data augmentation, representation learning and ordinal regression.
  We then evaluated and showed the performance of our implemented framework on three benchmark datasets.
  arXiv Detail & Related papers (2023-04-15T04:37:54Z)
- Graph Mining for Cybersecurity: A Survey
  The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, has caused severe consequences for society.
  Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities.
  With the proliferation of graph mining techniques, many researchers have investigated these techniques for capturing correlations between cyber entities and achieving high performance.
  arXiv Detail & Related papers (2023-04-02T08:43:03Z)
- Dos and Don'ts of Machine Learning in Computer Security
  Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
  We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
  We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
  arXiv Detail & Related papers (2020-10-19T13:09:31Z)
- PicoDomain: A Compact High-Fidelity Cybersecurity Dataset
  Current cybersecurity datasets either offer no ground truth or do so with anonymized data.
  Most existing datasets are large enough to make them unwieldy during prototype development.
  In this paper we have developed the PicoDomain dataset, a compact high-fidelity collection of Zeek logs from a realistic intrusion.
  arXiv Detail & Related papers (2020-08-20T20:18:04Z)
- Graph Backdoor
  We present GTA, the first backdoor attack on graph neural networks (GNNs).
  GTA departs in significant ways: it defines triggers as specific subgraphs, including both topological structures and descriptive features.
  It can be instantiated for both transductive (e.g., node classification) and inductive (e.g., graph classification) tasks.
  arXiv Detail & Related papers (2020-06-21T19:45:30Z)
- Survey of Network Intrusion Detection Methods from the Perspective of the Knowledge Discovery in Databases Process
  We review the methods that have been applied to network data with the purpose of developing an intrusion detector.
  We discuss the techniques used for the capture, preparation and transformation of the data, as well as the data mining and evaluation methods.
  As a result of this literature review, we investigate some open issues which will need to be considered for further research in the area of network security.
  arXiv Detail & Related papers (2020-01-27T11:21:05Z)