Heterogeneous Multi-Sensor Data Fusion with Multi-Class Support Vector Machines: Creating Network Security Situation Awareness

Liu, Xiaowu; Wang, Huiqiang; Liu, Ying; Lai, Jun

doi:10.1109/icmlc.2007.4370604

Cited by 4 publications

(4 citation statements)

References 15 publications

(6 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The RNN is trained to identify network anomalies and enforce control policies, which by utilizing the benefits of the SDN paradigm. X. Liu et al in [ 21 , 22 ] presented a prototype of a multiclass support vector machine (SVM)-based fusion engine. Their outcomes suggest that the SVMs have potential in real-time IDS applications, due to the faster results and reliability of the SVM approach.…”

Section: State Of the Artmentioning

confidence: 99%

Towards a Machine Learning Based Situational Awareness Framework for Cybersecurity: An SDN Implementation

Nikoloudakis

Kefaloukos

Stylianos

et al. 2021

Sensors

View full text Add to dashboard Cite

The ever-increasing number of internet-connected devices, along with the continuous evolution of cyber-attacks, in terms of volume and ingenuity, has led to a widened cyber-threat landscape, rendering infrastructures prone to malicious attacks. Towards addressing systems’ vulnerabilities and alleviating the impact of these threats, this paper presents a machine learning based situational awareness framework that detects existing and newly introduced network-enabled entities, utilizing the real-time awareness feature provided by the SDN paradigm, assesses them against known vulnerabilities, and assigns them to a connectivity-appropriate network slice. The assessed entities are continuously monitored by an ML-based IDS, which is trained with an enhanced dataset. Our endeavor aims to demonstrate that a neural network, trained with heterogeneous data stemming from the operational environment (common vulnerability enumeration IDs that correlate attacks with existing vulnerabilities), can achieve more accurate prediction rates than a conventional one, thus addressing some aspects of the situational awareness paradigm. The proposed framework was evaluated within a real-life environment and the results revealed an increase of more than 4% in the overall prediction accuracy.

show abstract

Section: State Of the Artmentioning

confidence: 99%

Towards a Machine Learning Based Situational Awareness Framework for Cybersecurity: An SDN Implementation

Nikoloudakis

Kefaloukos

Stylianos

et al. 2021

Sensors

View full text Add to dashboard Cite

show abstract

“…There are several mathematical algorithms under those four categories. For example, [17] utilises Support Vector Machines (SVMs) as the fusion algorithm for network security situational awareness, and paper [18] proposes a Hierarchical Network Security Situation Assessment Model (HNSSAM) with DS data fusion for cyber security. Spatiotemporal event correlation is used for anomaly detection and for network forensics in study [19].…”

Section: Multi Sensor Data Fusionmentioning

confidence: 99%

Architecture for the Cyber Security Situational Awareness System

Kokkonen

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Related researches include Qin and Lee's Bayesian network probability-based correlation and Granger Causality Testbased correlation [10], Steven's attack scenarios recognition method based on the expert system [11], and Nurbol's alert correlation and filtering method based on the hidden Markov model [12]. 3) Some other knowledge-based alert correlation, for example, Liu's heterogeneous multi-sensor data fusion method with multi-class support vector machine [13], Julisch's root cause analysis method [14], Amann's network intrusion detection method with real-time Intelligence [15] and so on.…”

Section: A Alert Correlation Based On the Causal Knowledgementioning

confidence: 99%

“…Since then, alert correlation becomes a hotspot, which aims to identify attack activities and reconstruct attack scenarios from the multisource alerts. However, there is not a standard definition about alert correlation by far, and researchers generally consider that as an application of data fusion in the field of intrusion detection [3] [4]. We classify the relationships between alerts into three categories, namely redundant, logical, and conflicting [5].…”

Section: Introductionmentioning

confidence: 99%

An Approach of Discovering Causal Knowledge for Alert Correlating Based on Data Mining

Feng

Wang

Huang

et al. 2014

2014 IEEE 12th International Conference on Dependable, Autonomic and Secure Computing

View full text Add to dashboard Cite

The process of attackers exploiting the target facilities is always gradual in cyberspace, and multiple attack steps would be performed in order to achieve the ultimate goal. How to identify the attack scenarios is one of the challenges in many research fields, such as cyberspace security situation awareness, the detection of APT (Advanced Persistent Threat) and so on. Alert correlation analysis based on causal knowledge is one of the widely adopted methods in CEP (Complex Event Processing), which is a promising way to identify multi-step attack processes and can reconstruct attack scenarios. However, current researches suffer from the problem of defining causal knowledge manually. In order to solve this problem, we propose an approach of mining for causal knowledge automatically based on the Markov property in this paper. Firstly, the raw alert stream is clustered into several alert sets, then each set is mined in order to obtain the one step transition probability matrix based on the Markov property, and after being generated, each matrix represents a piece of causal knowledge. Then we fuse the knowledge which has overlapping steps to create the knowledge base of attack patterns. Finally the experimental results show that this approach is feasible.

show abstract

Heterogeneous Multi-Sensor Data Fusion with Multi-Class Support Vector Machines: Creating Network Security Situation Awareness

Cited by 4 publications

References 15 publications

Towards a Machine Learning Based Situational Awareness Framework for Cybersecurity: An SDN Implementation

Towards a Machine Learning Based Situational Awareness Framework for Cybersecurity: An SDN Implementation

Architecture for the Cyber Security Situational Awareness System

An Approach of Discovering Causal Knowledge for Alert Correlating Based on Data Mining

Contact Info

Product

Resources

About