Multiple Profiles based Ensemble Model for Analytical Classification of Cyber Incident

Affiliations

  • Division of Information and Communication Engineering, Baekseok University, Korea;
  • Department of Cyber Security, Pai Chai University, Korea;

Abstract


Background/Objectives: The volume of cyber incidents collected from security information and event management (SIEM) systems is growing rapidly as malicious code proliferates, and with the advent of big data companies collect more data and use a wider variety of information. Methods/Statistical Analysis: It is difficult for cyber incident analysts to extract and classify the similar features of cyber attacks. To address this, the analytical classification of a cyber incident has previously been performed by generating a single profile from the features of cyber incidents and cyber observables, and then identifying similar cyber incidents by evaluating their degree of similarity to that profile. Findings: Analytical classification over big data of cyber incidents requires the various features of the cyber observables that compose each incident. It is therefore necessary to improve the classification accuracy of the similarity measure by using multiple profiles, each grouping the same features of cyber observables. When an ensemble algorithm is used and similar features are grouped before the similarity is calculated, the classification is more accurate than when the similarity is calculated on a single common criterion. Improvements/Applications: We propose a multi-profile ensemble model that performs similarity analysis on cyber incidents based on both attack type and cyber observables, which can enhance the accuracy of the classification.

Keywords

Classification, Cyber Incident, Cyber Observable, Ensemble Model, Intrusion, Profiles.


This work is licensed under a Creative Commons Attribution 3.0 License.