Automatic Labeling for Entity Extraction in Cyber Security

22 Aug 2013 · 2 code implementations

Timely analysis of cyber-security information necessitates automated information extraction from unstructured text.

ENTITY EXTRACTION

Towards a relation extraction framework for cyber-security concepts

16 Apr 2015 · 1 code implementation

In order to assist security analysts in obtaining information pertaining to their network, such as novel vulnerabilities, exploits, or patches, information retrieval methods tailored to the security domain are needed.

ACTIVE LEARNING, INFORMATION RETRIEVAL, RELATION EXTRACTION

eXpose: A Character-Level Convolutional Neural Network with Embeddings For Detecting Malicious URLs, File Paths and Registry Keys

27 Feb 2017 · 1 code implementation

For years security machine learning research has promised to obviate the need for signature based detection by automatically learning to detect indicators of attack.

INTRUSION DETECTION

Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection

22 Aug 2017 · 2 code implementations

The problem of cross-platform binary code similarity detection aims at detecting whether two binary functions coming from different platforms are similar or not.

GRAPH EMBEDDING, GRAPH MATCHING, MALWARE DETECTION

Anomaly Detection with Generative Adversarial Networks for Multivariate Time Series

13 Sep 2018 · 2 code implementations

We used LSTM-RNN in our GAN to capture the distribution of the multivariate time series of the sensors and actuators under normal working conditions of a CPS.

ANOMALY DETECTION, TIME SERIES

MAD-GAN: Multivariate Anomaly Detection for Time Series Data with Generative Adversarial Networks

15 Jan 2019 · 1 code implementation

The prevalence of networked sensors and actuators in many real-world systems such as smart buildings, factories, power plants, and data centers generates substantial amounts of multivariate time series data for these systems.

ANOMALY DETECTION, TIME SERIES

Recurrent Neural Network Language Models for Open Vocabulary Event-Level Cyber Anomaly Detection

2 Dec 2017 · 1 code implementation

By treating system logs as threads of interleaved "sentences" (event log lines) to train online unsupervised neural network language models, our approach provides an adaptive model of normal network behavior.

ANOMALY DETECTION, FEATURE ENGINEERING

Statistical Anomaly Detection via Composite Hypothesis Testing for Markov Models

27 Feb 2017 · 2 code implementations

Under Markovian assumptions, we leverage a Central Limit Theorem (CLT) for the empirical measure in the test statistic of the composite hypothesis Hoeffding test so as to establish weak convergence results for the test statistic, and, thereby, derive a new estimator for the threshold needed by the test.

ANOMALY DETECTION

Adversarial Clustering: A Grid Based Clustering Algorithm Against Active Adversaries

13 Apr 2018 · 1 code implementation

Most of the previous work focused on adversarial classification techniques, which assumed the existence of a reasonably large amount of carefully labeled data instances.