From Machine Learning Based Intrusion Detection to Cost Sensitive Intrusion Response

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Machine learning (ML) based intrusion detection systems (IDS) are increasingly used to discover abnormal patterns in network data and predict cyberattacks. However, the construction of intrusion response systems (IRS) used to deploy countermeasures and prevent malicious activities is more challenging because they require in-depth understanding of attack patterns, attacker behavior, and the correlation between different types of attacks. Furthermore, IDSs generate a large number of false positives and the confidence with which an attack can be predicted is usually unknown. As a result of these challenges in IDS and IRSs, inappropriate actions may be deployed, which may reduce network performance and users’ ability to perform typical tasks. Therefore, the present work proposes an intrusion detection and response method based on the Calibrated Random Forest (CRF) algorithm to overcome the key challenges related to the construction of an efficient IRS. The proposed CRF is used to quantify uncertainty in the prediction of cyberattacks and expresses each attack as a probability distribution. Subsequently, the predicted probabilities are used as confidence scores and integrated with domain expert knowledge for decision making in an IRS. We then use publicly available intrusion detection data sets to test and evaluate the proposed method based on three metrics: log loss, Brier score, and expected calibration error (ECE). Experimental results show that the proposed method makes intrusion response more reasonable and cost-sensitive, and has the ability to manage criticality, integrate domain knowledge and explain model behavior. It also demonstrates that this method provides an effective solution for security analysts in how to appropriately deploy and prioritize actions.
Original language: English
Title of host publication: 2022 6th International Conference on Cryptography, Security and Privacy (CSP)
Publisher: IEEE
Pages: 124-130
Number of pages: 7
ISBN (Electronic): 978-1-6654-7975-2
ISBN (Print): 978-1-6654-7976-9
Publication status: Published (in print/issue) - 11 Aug 2022
Event: 6th International Conference on Cryptography, Security and Privacy (CSP) - Tianjin, China
Duration: 14 Jan 2022 to 16 Jan 2022
https://ieeexplore.ieee.org/xpl/conhome/9844828/proceeding

Publication series

Name: 2022 6th International Conference on Cryptography, Security and Privacy (CSP)
Publisher: IEEE Control Society

Conference

Conference: 6th International Conference on Cryptography, Security and Privacy (CSP)
Abbreviated title: CSP
Country/Territory: China
City: Tianjin
Period: 14/01/22 to 16/01/22
Bibliographical note

Funding Information:
This research work is supported by BTIIC (BT Ireland Innovation Centre), funded by BT and Invest Northern Ireland.

Publisher Copyright:
© 2022 IEEE.

Keywords

  • Intrusion Detection System (IDS)
  • Decision making
  • Intrusion detection
  • Probability distribution
  • Behavioral sciences
  • Risk management
  • Intrusion Detection Systems (IDS)
  • Intrusion Response System (IRS)
  • Machine Learning (ML)
  • Calibration
  • Random Forest (RF)
