Abstract

With the rising amount of data collected and exchanged over networks, the threat of cyber-attacks has also grown significantly. Timely and accurate detection of intrusion activity in networks has become a crucial task for safeguarding data and other valuable assets. While manual moderation and programmed logic have been used for this purpose, machine learning algorithms are desirable for their superior pattern mapping. System logs in a network tend to include many parameters, not all of which indicate an impending network threat. Selecting the right features is thus important for achieving better results, and high-dimensional features must be mapped accurately to low-dimensional intermediate representations while retaining crucial information. In this paper, an approach to feature reduction and selection for the task of network threat detection is proposed. It modifies the traditional Principal Component Analysis (PCA) algorithm by addressing its shortcomings and by minimizing false detection rates; specifically, the calculation of symmetric uncertainty and the subsequent sorting of features are reworked. The performance of the proposed approach is evaluated on four standard-sized datasets collected using the Microsoft SYSMON real-time log collection tool. The proposed method is found to outperform the standard PCA and FAST methods for data reduction, making a strong case for it as a dimensionality reduction and feature selection technique for minimizing false detection rates on real-time data.

Highlights

  • Network security is of utmost importance, especially for companies or foundations

  • FAST and Principal Component Analysis (PCA) approaches were combined in a novel way, and machine learning algorithms were then used to detect anomalies that deviate from normal configurations, predicting possible threats to the system

  • While the output variables produced by the dimensionality reduction algorithm can vary, we judge their effectiveness by comparing the results with those of models that use other dimensionality reduction methods


Summary

Introduction

Network security is of utmost importance, especially for companies or foundations. SIEMs are associated with a Security Operations Center (SOC), to which they report these threats [23]. They conform to the laws on risks and regulation criteria and make use of predefined rules for catching any network breach or Incident Response (IR). They operate on a static set of vulnerability rules and are not able to detect the trends of a novel attack. They are associated with an operational overhead and come up short when working with real-time data. FAST and PCA approaches were combined in a novel way, and machine learning algorithms were then used to detect anomalies that deviate from normal configurations, predicting possible threats to the system.
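The feature-ranking step that the abstract and introduction describe, computing symmetric uncertainty and sorting features before dimensionality reduction, as an added example that is not the paper's code: it implements the standard symmetric uncertainty definition used by FAST on a constructed Sysmon-style toy table. The paper's actual modification of PCA is not given on this page and is not reproduced; the feature names, rows and the `min_su` threshold are assumptions.

```python
"""Rank Sysmon-style log features by symmetric uncertainty (SU) against the label.

Added example, not the paper's code: the page says SU is computed and features
sorted before dimensionality reduction, but not how PCA is modified, so only the
standard SU definition used by FAST is shown: SU = 2*I(X;Y) / (H(X)+H(Y)), in bits.
"""
from collections import Counter
from math import log2

# Constructed toy events (not real telemetry); every row ends with its label.
FEATURES = ["event_id", "image", "parent_image", "hour", "user"]
ROWS = [
    (1, "cmd.exe",        "explorer.exe", 9,  "alice", "benign"),
    (1, "cmd.exe",        "explorer.exe", 10, "alice", "benign"),
    (1, "cmd.exe",        "explorer.exe", 11, "bob",   "benign"),
    (1, "powershell.exe", "explorer.exe", 14, "bob",   "benign"),
    (1, "powershell.exe", "winword.exe",  2,  "alice", "malicious"),
    (1, "powershell.exe", "winword.exe",  3,  "alice", "malicious"),
    (1, "powershell.exe", "winword.exe",  4,  "bob",   "malicious"),
    (1, "powershell.exe", "winword.exe",  1,  "bob",   "malicious"),
]

def entropy(values):
    """Shannon entropy in bits of a discrete column."""
    n = len(values)
    return -sum(c / n * log2(c / n) for c in Counter(values).values())

def mutual_information(xs, ys):
    return entropy(xs) + entropy(ys) - entropy(list(zip(xs, ys)))

def symmetric_uncertainty(xs, ys):
    """SU in [0, 1]: 0 = independent, 1 = each column determines the other."""
    denom = entropy(xs) + entropy(ys)
    if denom == 0.0:  # both columns constant: nothing to relate
        return 0.0
    return 2.0 * mutual_information(xs, ys) / denom

def rank_features(rows, names):
    """(feature, SU) pairs sorted from most to least label-relevant."""
    labels = [r[-1] for r in rows]
    scores = [(name, symmetric_uncertainty([r[i] for r in rows], labels))
              for i, name in enumerate(names)]
    return sorted(scores, key=lambda kv: kv[1], reverse=True)

def select_features(rows, names, min_su=0.25):
    """Features scoring at least min_su: the reduced set a PCA step would use."""
    return [name for name, su in rank_features(rows, names) if su >= min_su]

if __name__ == "__main__":
    print(rank_features(ROWS, FEATURES), select_features(ROWS, FEATURES))
```

Note how the normalisation penalises the unique-per-row `hour` column (SU 0.5) relative to `parent_image` (SU 1.0), although raw mutual information would score both equally; a constant column such as `event_id` scores 0.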

