Table 2 . Performance Metrics.

A comprehensive investigation of clustering algorithms for User and Entity Behavior Analytics

Article

Full-text available

Apr 2024

Introduction Government agencies are now encouraging industries to enhance their security systems to detect and respond proactively to cybersecurity incidents. Consequently, equipping with a security operation center that combines the analytical capabilities of human experts with systems based on Machine Learning (ML) plays a critical role. In this setting, Security Information and Event Management (SIEM) platforms can effectively handle network-related events to trigger cybersecurity alerts. Furthermore, a SIEM may include a User and Entity Behavior Analytics (UEBA) engine that examines the behavior of both users and devices, or entities, within a corporate network. Methods In recent literature, several contributions have employed ML algorithms for UEBA, especially those based on the unsupervised learning paradigm, because anomalous behaviors are usually not known in advance. However, to shorten the gap between research advances and practice, it is necessary to comprehensively analyze the effectiveness of these methodologies. This paper proposes a thorough investigation of traditional and emerging clustering algorithms for UEBA, considering multiple application contexts, i.e., different user-entity interaction scenarios. Results and discussion Our study involves three datasets sourced from the existing literature and fifteen clustering algorithms. Among the compared techniques, HDBSCAN and DenMune showed promising performance on the state-of-the-art CERT behavior-related dataset, producing groups with a density very close to the number of users.

NEURAL NETWORKS IN DETECTING ATTACKS ON DISTRIBUTED SYSTEMS

Article

Full-text available

Feb 2024

Сучасні виклики до обробки великих обсягів інформації вирішуються за допомогою складних розподілених систем, які своєю чергою потребують кіберзахисту, що дозволяє керувати ризиками безпеки, такими як заволодіння інформацією, шпигунства, зниження продуктивності систем та ін. У цій статті зроблено огляд деяких засобів виявлення кібератак, які зокрема застосовують машинне навчання, наведені їхні переваги, недоліки, методи роботи, вразливості та підходи до їх захисту. Аналіз атак проти засобів захисту на основі машинного навчання, які використовують підхід детекції аномалій, показав що існують слабкі місця, що потребують додаткового захисту, наприклад, розподілені в часі атаки можуть адаптуватись до допустимих діапазонів відхилення показників мережі. Виконано огляд механізмів забезпечення стійкості систем захисту до таких впливів, а саме додавання різноманітних шумів під час навчання, зменшення інтервалів значень параметрів системи, варіації донавчання моделі на оманливих даних, використання спеціальних класифікаторів.

A Reinvent Survey on Machine Learning Attacks

Article

Full-text available

Nov 2023

The increasing prevalence of machine learning technology highlights the urgent need to delve into its insinuations for safety and confidentiality. While inquiry on the safety aspects of mechanism knowledge has garnered considerable attention, privacy considerations have often taken a backseat, although recent years have seen a significant upswing in privacy-focused research. In an effort to contribute to this growing field, we conducted an analysis encompassing more than 40 articles addressing privacy threats in the context of mechanism knowledge, published ended the historical seven centuries. We have contributed to this research by creating a thorough threat architecture and an assault taxonomy. These tools help in categorizing various attacks based on the assets they target and the knowledge adversaries possess. We also conducted an in-depth exploration of the different privacy threats posed by machine learning, shedding light on their mechanisms and implications. Furthermore, our research includes a preliminary investigation into the underlying reasons for privacy breaches in machine learning systems. This aspect delves into the root causes of privacy leaks, shedding light on the factors that make such incidents more likely to occur. In addition to identifying privacy threats and their causes, we have compiled a summary of the most commonly proposed defense mechanisms against these threats. These defences can serve as a resource for organizations and researchers seeking to bolster the privacy of their machine learning systems. Lastly, we recognize that the field of machine learning privacy still faces unanswered questions and developing difficulties. As such, we encourage further research and exploration of potential future areas of interest. By addressing these unresolved issues and embracing emerging technologies and methodologies, we can better safeguard the privacy of individuals in an increasingly data-driven and machine learning-driven world.

Data Privacy and Security in Big Data: A Comparative Analysis

Article

Sep 2023

SANTOSH DANGAL

The rapid proliferation of big data and data- driven decision-making has brought about unprecedented technological advancements, revolutionizing various industries. Organizations now harness extensive data to extract valuable insights, optimize operations, and enhance customer experiences. However, this data-driven landscape raises concerns about individual privacy and data security. As personal information collection and analysis become more prevalent, robust privacy approaches are imperative. This research paper conducts a comparative analysis of privacy approaches in the context of big data and data-driven decision-making. It examines traditional methods such as cryptography, anonymization, and access controls, alongside emerging techniques like differential privacy, homomorphic encryption, and secure multi-party computation. Qualitative content analysis and thematic coding gather insights from academic literature, reports, and expert interviews. The findings highlight each approach's strengths, limitations, and trade-offs, offering valuable insights for organizations aiming to balance data utility with privacy preservation. This study contributes to understanding ethical concerns, legal compliance, data quality, trust, and technological advancements in the pursuit of responsible data-driven decision-making while safeguarding privacy. Key Words: privacy preservation, big data analytics, data privacy strategies, ethical data use, emerging privacy techniques

File Tracking and Visualization Methods Using a Network Graph to Prevent Information Leakage

Article

Sep 2023
IEICE T INF SYST

Information leakage is a significant threat to organizations, and effective measures are required to protect information assets. As confidential files can be leaked through various paths, a countermeasure is necessary to prevent information leakage from various paths, from simple drag-and-drop movements to complex transformations such as encryption and encoding. However, existing methods are difficult to take countermeasures depending on the information leakage paths. Furthermore, it is also necessary to create a visualization format that can find information leakage easily and a method that can remove unnecessary parts while leaving the necessary parts of information leakage to improve visibility. This paper proposes a new information leakage countermeasure method that incorporates file tracking and visualization. The file tracking component recursively extracts all events related to confidential files. Therefore, tracking is possible even when data have transformed significantly from the original file. The visualization component represents the results of file tracking as a network graph. This allows security administrators to find information leakage even if a file is transformed through multiple events. Furthermore, by pruning the network graph using the frequency of past events, the indicators of information leakage can be more easily found by security administrators. In experiments conducted, network graphs were generated for two information leakage scenarios in which files were moved and copied. The visualization results were obtained according to the scenarios, and the network graph was pruned to reduce vertices by 17.6% and edges by 10.9%.

A New Solution for Cyber Security in Big Data Using Machine Learning Approach

Chapter

Full-text available

May 2023

The information management System works on the incident association, used to track and identify previously established threats, and is no longer suitable due to variants in the complexity of cyber vulnerability patterns. Traditional strategies have hit their limits, necessitating innovative and intelligent frameworks to solve evolving problems and threats of big data security. To achieve a deeper understanding of the current situation, we undertook a critical analysis need of the literature review domains on big data protection. An Outfit solution for big data cryptography is suggested in the proposed work. To test the method, we fed the benchmark data to classifiers KNN, SVM and MLP (k-nearest neighbor, support vector machine and multilayer Perceptron), by comparing the performance of standalone classifiers by Outfit Method (approach) among listed classifiers. The findings reveal that when it comes to big data cryptography, the Outfit solution outperforms standalone classifiers.KeywordsBig dataCyber securityCongenialMalignantInformation scienceNew approachSupport vector machine

A New Solution for Cyber Security in Big Data Using Machine Learning Approach

Conference Paper

Full-text available

May 2023

The information management System works on the incident association, used to track and identify previously established threats, and is no longer suitable due to variants in the complexity of cyber vulnerability patterns. Traditional strategies have hit their limits, necessitating innovative and intelligent frameworks to solve evolving problems and threats of big data security. To achieve a deeper understanding of the current situation, we undertook a critical analysis need of the literature review domains on big data protection. An Outfit solution for big data cryptography is suggested in the proposed work. To test the method, we fed the benchmark data to classifiers KNN, SVM and MLP (k-nearest neighbor, support vector machine and multilayer Perceptron), by comparing the performance of standalone classifiers by Outfit Method (approach) among listed classifiers. The findings reveal that when it comes to big data cryptography, the Outfit solution outperforms standalone classifiers.

A Review of Machine Learning-based Algorithms for Intrusion Detection System

Article

Full-text available

Feb 2023

The Human Immunodeficiency Virus (HIV) is a virus that attacks immune cells known as CD4 cells, which are a type of T cell. These are white blood cells that circulate throughout the body, detecting defects and abnormalities in cells as well as infections. When HIV targets and infiltrates these cells, it reduces the body's ability to fight off other diseases. This raise the likelihood and severity of opportunistic infections and cancer. Since there has been no effective cure for the global HIV/AIDS epidemic for more than 40 years, current control strategies have centered on reducing (or eliminating) new infections through risk reduction. As a result, the modified logistic regression model is used to predict HIV risk factors. The model will be used to assess the strength of the association between each of the hypothesized risk factors, as well as to determine the efficiency of the modified model, using the statistical tool SPSS version 25.0

Mitigating Adversarial Gray-Box Attacks Against Phishing Detectors

Preprint

Full-text available

Dec 2022

Although machine learning based algorithms have been extensively used for detecting phishing websites, there has been relatively little work on how adversaries may attack such "phishing detectors" (PDs for short). In this paper, we propose a set of Gray-Box attacks on PDs that an adversary may use which vary depending on the knowledge that he has about the PD. We show that these attacks severely degrade the effectiveness of several existing PDs. We then propose the concept of operation chains that iteratively map an original set of features to a new set of features and develop the "Protective Operation Chain" (POC for short) algorithm. POC leverages the combination of random feature selection and feature mappings in order to increase the attacker's uncertainty about the target PD. Using 3 existing publicly available datasets plus a fourth that we have created and will release upon the publication of this paper, we show that POC is more robust to these attacks than past competing work, while preserving predictive performance when no adversarial attacks are present. Moreover, POC is robust to attacks on 13 different classifiers, not just one. These results are shown to be statistically significant at the p < 0.001 level.

Intrusion Detection Systems Using Support Vector Machines on the KDDCUP'99 and NSL-KDD Datasets: A Comprehensive Survey

Preprint

Full-text available

Sep 2022

With the growing rates of cyber-attacks and cyber espionage, the need for better and more powerful intrusion detection systems (IDS) is even more warranted nowadays. The basic task of an IDS is to act as the first line of defense, in detecting attacks on the internet. As intrusion tactics from intruders become more sophisticated and difficult to detect, researchers have started to apply novel Machine Learning (ML) techniques to effectively detect intruders and hence preserve internet users' information and overall trust in the entire internet network security. Over the last decade, there has been an explosion of research on intrusion detection techniques based on ML and Deep Learning (DL) architectures on various cyber security-based datasets such as the DARPA, KDDCUP'99, NSL-KDD, CAIDA, CTU-13, UNSW-NB15. In this research, we review contemporary literature and provide a comprehensive survey of different types of intrusion detection technique that applies Support Vector Machines (SVMs) algorithms as a classifier. We focus only on studies that have been evaluated on the two most widely used datasets in cybersecurity namely: the KDDCUP'99 and the NSL-KDD datasets. We provide a summary of each method, identifying the role of the SVMs classifier, and all other algorithms involved in the studies. Furthermore, we present a critical review of each method, in tabular form, highlighting the performance measures, strengths, and limitations of each of the methods surveyed.

Performance Metrics.

Context in source publication

Citations