Cyber Key Terrain Identification Using Adjusted PageRank Centrality

• URL: http://arxiv.org/abs/2306.11018v2
• Date: Wed, 24 Apr 2024 13:32:02 GMT
• Title: Cyber Key Terrain Identification Using Adjusted PageRank Centrality
• Authors: Lukáš Sadlek, Pavel Čeleda,
• Abstract summary: We propose an approach for the classification of IP addresses belonging to cyber key terrain according to their network position using the PageRank centrality adjusted by machine learning. We evaluate the approach on a dataset from a cyber defense exercise and on data from the campus network.
• Score: 0.0
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The cyber terrain contains devices, network services, cyber personas, and other network entities involved in network operations. Designing a method that automatically identifies key network entities to network operations is challenging. However, such a method is essential for determining which cyber assets should the cyber defense focus on. In this paper, we propose an approach for the classification of IP addresses belonging to cyber key terrain according to their network position using the PageRank centrality computation adjusted by machine learning. We used hill climbing and random walk algorithms to distinguish PageRank's damping factors based on source and destination ports captured in IP flows. The one-time learning phase on a static data sample allows near-real-time stream-based classification of key hosts from IP flow data in operational conditions without maintaining a complete network graph. We evaluated the approach on a dataset from a cyber defense exercise and on data from the campus network. The results show that cyber key terrain identification using the adjusted computation of centrality is more precise than its original version.

Related papers

• SCGNet-Stacked Convolution with Gated Recurrent Unit Network for Cyber Network Intrusion Detection and Intrusion Type Classification [0.0]
  Intrusion detection systems (IDSs) are far from being able to quickly and efficiently identify complex and varied network attacks. The SCGNet is a novel deep learning architecture that we propose in this study. It exhibits promising results on the NSL-KDD dataset in both task, network attack detection, and attack type classification with 99.76% and 98.92% accuracy, respectively.
  arXiv  Detail & Related papers  (2024-10-29T09:09:08Z)
• Initialisation and Network Effects in Decentralised Federated Learning [1.5961625979922607]
  Decentralised federated learning enables collaborative training of individual machine learning models on a distributed network of communicating devices. This approach avoids central coordination, enhances data privacy and eliminates the risk of a single point of failure. We propose a strategy for uncoordinated initialisation of the artificial neural networks based on the distribution of eigenvector centralities of the underlying communication network.
  arXiv  Detail & Related papers  (2024-03-23T14:24:36Z)
• Using Graph Theory for Improving Machine Learning-based Detection of Cyber Attacks [4.465883551216819]
  Early detection of network intrusions and cyber threats is one of the main pillars of cybersecurity. One of the most effective approaches for this purpose is to analyze network traffic with the help of artificial intelligence algorithms.
  arXiv  Detail & Related papers  (2024-02-12T18:44:02Z)
• Initial Study into Application of Feature Density and Linguistically-backed Embedding to Improve Machine Learning-based Cyberbullying Detection [54.83707803301847]
  The research was conducted on a Formspring dataset provided in a Kaggle competition on automatic cyberbullying detection. The study confirmed the effectiveness of Neural Networks in cyberbullying detection and the correlation between classifier performance and Feature Density.
  arXiv  Detail & Related papers  (2022-06-04T03:17:15Z)
• Unsupervised Domain-adaptive Hash for Networks [81.49184987430333]
  Domain-adaptive hash learning has enjoyed considerable success in the computer vision community. We develop an unsupervised domain-adaptive hash learning method for networks, dubbed UDAH.
  arXiv  Detail & Related papers  (2021-08-20T12:09:38Z)
• Temporal Graph Network Embedding with Causal Anonymous Walks Representations [54.05212871508062]
  We propose a novel approach for dynamic network representation learning based on Temporal Graph Network. For evaluation, we provide a benchmark pipeline for the evaluation of temporal network embeddings. We show the applicability and superior performance of our model in the real-world downstream graph machine learning task provided by one of the top European banks.
  arXiv  Detail & Related papers  (2021-08-19T15:39:52Z)
• Intrusion detection in computer systems by using artificial neural networks with Deep Learning approaches [0.0]
  Intrusion detection into computer networks has become one of the most important issues in cybersecurity. This paper focuses on the design and implementation of an intrusion detection system based on Deep Learning architectures.
  arXiv  Detail & Related papers  (2020-12-15T19:12:23Z)
• Spatial Attention Pyramid Network for Unsupervised Domain Adaptation [66.75008386980869]
  Unsupervised domain adaptation is critical in various computer vision tasks. We design a new spatial attention pyramid network for unsupervised domain adaptation. Our method performs favorably against the state-of-the-art methods by a large margin.
  arXiv  Detail & Related papers  (2020-03-29T09:03:23Z)
• Automating Botnet Detection with Graph Neural Networks [106.24877728212546]
  Botnets are now a major source for many network attacks, such as DDoS attacks and spam. In this paper, we consider the neural network design challenges of using modern deep learning techniques to learn policies for botnet detection automatically.
  arXiv  Detail & Related papers  (2020-03-13T15:34:33Z)
• Security of Distributed Machine Learning: A Game-Theoretic Approach to Design Secure DSVM [31.480769801354413]
  This work aims to develop secure distributed algorithms to protect the learning from data poisoning and network attacks. We establish a game-theoretic framework to capture the conflicting goals of a learner who uses distributed support vector machines (SVMs) and an attacker who is capable of modifying training data and labels. The numerical results show that distributed SVM is prone to fail in different types of attacks, and their impact has a strong dependence on the network structure and attack capabilities.
  arXiv  Detail & Related papers  (2020-03-08T18:54:17Z)
• Understanding Self-Training for Gradual Domain Adaptation [107.37869221297687]
  We consider gradual domain adaptation, where the goal is to adapt an initial classifier trained on a source domain given only unlabeled data that shifts gradually in distribution towards a target domain. We prove the first non-vacuous upper bound on the error of self-training with gradual shifts, under settings where directly adapting to the target domain can result in unbounded error. The theoretical analysis leads to algorithmic insights, highlighting that regularization and label sharpening are essential even when we have infinite data, and suggesting that self-training works particularly well for shifts with small Wasserstein-infinity distance.
  arXiv  Detail & Related papers  (2020-02-26T08:59:40Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.