The LeWiS Method: Target Variable Estimation using Cyber Security Intelligence

Leigh Chase, Alaa Mohasseb, Benjamin Aziz

2021

Abstract

Information Technology plays an increasingly important role in the provision of essential services. For these systems and networks to be reliable and trustworthy, we must defend them from those who would seek to compromise their Confidentiality, Integrity and Availability. Security intelligence tells us about the Tactics, Techniques and Procedures used by threat actors for these very purposes. In this paper, we introduce a novel method for learning malicious behaviours and then estimating how likely it is that a system has been compromised. One of the difficulties encountered when applying machine learning to cyber security, is the lack of ground truth on which to train supervised techniques. This is often compounded by the volume, variety and velocity of data which is far greater than can be processed using only human analyses. The technique, known as LeWiS, includes data preparation and processing phases that learn and later predict the presence of threat actors using a model of their behaviours. The method addresses the problems of scale and veracity, by learning Indicators of Attack via feature extraction from security intelligence that has been obtained through empirical methods. This approach shows promising classification performance for detecting learned malicious behaviours, within synthesised systems’ event data.

Download


Paper Citation


in Harvard Style

Chase L., Mohasseb A. and Aziz B. (2021). The LeWiS Method: Target Variable Estimation using Cyber Security Intelligence. In Proceedings of the 17th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-989-758-536-4, pages 15-26. DOI: 10.5220/0010645000003058


in Bibtex Style

@conference{webist21,
author={Leigh Chase and Alaa Mohasseb and Benjamin Aziz},
title={The LeWiS Method: Target Variable Estimation using Cyber Security Intelligence},
booktitle={Proceedings of the 17th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,},
year={2021},
pages={15-26},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010645000003058},
isbn={978-989-758-536-4},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 17th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,
TI - The LeWiS Method: Target Variable Estimation using Cyber Security Intelligence
SN - 978-989-758-536-4
AU - Chase L.
AU - Mohasseb A.
AU - Aziz B.
PY - 2021
SP - 15
EP - 26
DO - 10.5220/0010645000003058