FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W3207884071> ?p ?o ?g. }

• W3207884071 endingPage "21" @default.
• W3207884071 startingPage "1" @default.
• W3207884071 abstract "Machine learning has been widely used for solving challenging problems in diverse areas. However, to the best of our knowledge, seldom literature has discussed in-depth how machine learning approaches can be used effectively to “hunt” (identify) threats, especially advanced persistent threats (APTs) , in a monitored environment. In this study, we share our past experiences in building machine learning-based threat-hunting models. Several challenges must be considered when a security team attempts to build such models. These challenges include (1) weak signal, (2) imbalanced data sets, (3) lack of high-quality labels, and (4) no storyline. In this study, we propose Fuchikoma and APTEmu to demonstrate how we tackle the above-mentioned challenges. The former is a proof of concept system for demonstrating the ideas behind autonomous threat-hunting. It is a machine learning-based anomaly detection and threat hunting system which leverages natural language processing (NLP) and graph algorithms. The latter is an APT emulator, which emulates the behavior of a well-known APT called APT3, which is the target used in the first round of MITRE ATT&CK Evaluations. APTEmu generates attacks on Windows machines in a virtualized environment, and the captured system events can be further used to train and enhance Fuchikoma’s capabilities. We illustrate the steps and experiments we used to build the models, discuss each model’s effectiveness and limitations of each model, and propose countermeasures and solutions to improve the models. Our evaluation results show that machine learning algorithms can effectively assist threat hunting processes and significantly reduce security analysts’ efforts. Fuchikoma correctly identifies malicious commands and achieves high performance in terms of over 80% True Positive Rate and True Negative Rate and over 60% F3. We believe our proposed approaches provide valuable experiences in the area and shed light on automated threat-hunting research." @default.
• W3207884071 created "2021-10-25" @default.
• W3207884071 creator A5013697048 @default.
• W3207884071 creator A5028750581 @default.
• W3207884071 creator A5031831578 @default.
• W3207884071 creator A5067572289 @default.
• W3207884071 creator A5075393207 @default.
• W3207884071 creator A5087811659 @default.
• W3207884071 date "2022-03-30" @default.
• W3207884071 modified "2023-10-14" @default.
• W3207884071 title "Building Machine Learning-based Threat Hunting System from Scratch" @default.
• W3207884071 cites W2890262614 @default.
• W3207884071 cites W2962703433 @default.
• W3207884071 cites W2986944522 @default.
• W3207884071 cites W2997591727 @default.
• W3207884071 cites W3011894540 @default.
• W3207884071 cites W3015650867 @default.
• W3207884071 cites W3099203541 @default.
• W3207884071 cites W3101413764 @default.
• W3207884071 doi "https://doi.org/10.1145/3491260" @default.
• W3207884071 hasPublicationYear "2022" @default.
• W3207884071 type Work @default.
• W3207884071 sameAs 3207884071 @default.
• W3207884071 citedByCount "0" @default.
• W3207884071 crossrefType "journal-article" @default.
• W3207884071 hasAuthorship W3207884071A5013697048 @default.
• W3207884071 hasAuthorship W3207884071A5028750581 @default.
• W3207884071 hasAuthorship W3207884071A5031831578 @default.
• W3207884071 hasAuthorship W3207884071A5067572289 @default.
• W3207884071 hasAuthorship W3207884071A5075393207 @default.
• W3207884071 hasAuthorship W3207884071A5087811659 @default.
• W3207884071 hasBestOaLocation W32078840711 @default.
• W3207884071 hasConcept C111919701 @default.
• W3207884071 hasConcept C119857082 @default.
• W3207884071 hasConcept C132525143 @default.
• W3207884071 hasConcept C154945302 @default.
• W3207884071 hasConcept C2781235140 @default.
• W3207884071 hasConcept C41008148 @default.
• W3207884071 hasConcept C739882 @default.
• W3207884071 hasConcept C80444323 @default.
• W3207884071 hasConceptScore W3207884071C111919701 @default.
• W3207884071 hasConceptScore W3207884071C119857082 @default.
• W3207884071 hasConceptScore W3207884071C132525143 @default.
• W3207884071 hasConceptScore W3207884071C154945302 @default.
• W3207884071 hasConceptScore W3207884071C2781235140 @default.
• W3207884071 hasConceptScore W3207884071C41008148 @default.
• W3207884071 hasConceptScore W3207884071C739882 @default.
• W3207884071 hasConceptScore W3207884071C80444323 @default.
• W3207884071 hasIssue "3" @default.
• W3207884071 hasLocation W32078840711 @default.
• W3207884071 hasOpenAccess W3207884071 @default.
• W3207884071 hasPrimaryLocation W32078840711 @default.
• W3207884071 hasRelatedWork W2065109233 @default.
• W3207884071 hasRelatedWork W2961085424 @default.
• W3207884071 hasRelatedWork W3046775127 @default.
• W3207884071 hasRelatedWork W3170094116 @default.
• W3207884071 hasRelatedWork W4285260836 @default.
• W3207884071 hasRelatedWork W4286629047 @default.
• W3207884071 hasRelatedWork W4306321456 @default.
• W3207884071 hasRelatedWork W4306674287 @default.
• W3207884071 hasRelatedWork W4313347119 @default.
• W3207884071 hasRelatedWork W4224009465 @default.
• W3207884071 hasVolume "3" @default.
• W3207884071 isParatext "false" @default.
• W3207884071 isRetracted "false" @default.
• W3207884071 magId "3207884071" @default.
• W3207884071 workType "article" @default.