Picture for Andrew Golczynski

Andrew Golczynski

End-To-End Anomaly Detection for Identifying Malicious Cyber Behavior through NLP-Based Log Embeddings

Add code
Aug 27, 2021
Andrew Golczynski, John A. Emanuello
Figure 1 for End-To-End Anomaly Detection for Identifying Malicious Cyber Behavior through NLP-Based Log Embeddings
Figure 2 for End-To-End Anomaly Detection for Identifying Malicious Cyber Behavior through NLP-Based Log Embeddings
Figure 3 for End-To-End Anomaly Detection for Identifying Malicious Cyber Behavior through NLP-Based Log Embeddings
Figure 4 for End-To-End Anomaly Detection for Identifying Malicious Cyber Behavior through NLP-Based Log Embeddings

Rule-based IDS (intrusion detection systems) are being replaced by more robust neural IDS, which demonstrate great potential in the field of Cybersecurity. However, these ML approaches continue to rely on ad-hoc feature engineering techniques, which lack the capacity to vectorize inputs in ways that are fully relevant to the discovery of anomalous cyber activity. We propose a deep end-to-end framework with NLP-inspired components for identifying potentially malicious behaviors on enterprise computer networks. We also demonstrate the efficacy of this technique on the recently released DARPA OpTC data set.

* Presented at 1st International Workshop on Adaptive Cyber Defense, 2021 (arXiv:2108.08476) 
Viaarxiv icon
Github IconAccess Paper or Ask Questions
Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon