Abstract
Machine learning (ML) based intrusion detection systems (IDS) are increasingly used to discover abnormal patterns in network data and predict cyberattacks. However, the construction of intrusion response systems (IRS) used to deploy countermeasures and prevent malicious activities is more challenging because they require in-depth understanding of attack patterns, attacker behavior, and the correlation between different types of attacks. Furthermore, IDSs generate a large number of false positives and the confidence with which an attack can be predicted is usually unknown. As a result of these challenges in IDS and IRSs, inappropriate actions may be deployed, which may reduce network performance and users’ ability to perform typical tasks. Therefore, the present work proposes an intrusion detection and response method based on the Calibrated Random Forest (CRF) algorithm to overcome the key challenges related to the construction of an efficient IRS. The proposed CRF is used to quantify uncertainty in the prediction of cyberattacks and expresses each attack as a probability distribution. Subsequently, the predicted probabilities are used as confidence scores and integrated with domain expert knowledge for decision making in an IRS. We then use publicly available intrusion detection data sets to test and evaluate the proposed method based on three metrics: log loss, Brier score, and expected calibration error (ECE). Experimental results show that the proposed method makes intrusion response more reasonable and cost-sensitive, and has the ability to manage criticality, integrate domain knowledge and explain model behavior. It also demonstrates that this method provides an effective solution for security analysts in how to appropriately deploy and prioritize actions.
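The three metrics named in the abstract, followed by a cost-based choice of response, as an added illustration that is not code from the paper. The labels, scores, cost table and function names are constructed assumptions, and the ECE shown is the binary form that compares the observed attack rate with the mean predicted probability per bin.

```python
import math

# Constructed sample: 1 = attack, 0 = benign, for ten flows.
Y = [1, 1, 1, 0, 0, 0, 0, 0, 0, 0]
# Overconfident raw scores vs. scores after a (hypothetical) calibration step.
RAW = [0.99, 0.98, 0.97, 0.95, 0.90, 0.10, 0.05, 0.02, 0.01, 0.01]
CAL = [0.66, 0.64, 0.63, 0.62, 0.61, 0.10, 0.05, 0.02, 0.01, 0.01]

def log_loss(y, p, eps=1e-15):
    total = 0.0
    for yi, pi in zip(y, p):
        pi = min(max(pi, eps), 1 - eps)  # avoid log(0)
        total -= yi * math.log(pi) + (1 - yi) * math.log(1 - pi)
    return total / len(y)

def brier_score(y, p):
    return sum((pi - yi) ** 2 for yi, pi in zip(y, p)) / len(y)

def expected_calibration_error(y, p, n_bins=5):
    bins = [[] for _ in range(n_bins)]
    for yi, pi in zip(y, p):
        bins[min(int(pi * n_bins), n_bins - 1)].append((yi, pi))
    ece = 0.0
    for b in bins:
        if b:
            rate = sum(yi for yi, _ in b) / len(b)  # observed attack rate
            conf = sum(pi for _, pi in b) / len(b)  # mean predicted probability
            ece += len(b) / len(y) * abs(rate - conf)
    return ece

# Assumed expert cost table: action -> (cost if attack, cost if benign).
COSTS = {"block": (1, 20), "alert": (5, 2), "log_only": (50, 0)}

def choose_response(p_attack, costs=COSTS):
    """Pick the action with the lowest expected cost at this confidence."""
    return min(costs, key=lambda a: p_attack * costs[a][0]
               + (1 - p_attack) * costs[a][1])

if __name__ == "__main__":
    for name, scores in (("raw", RAW), ("calibrated", CAL)):
        print(name, round(log_loss(Y, scores), 4),
              round(brier_score(Y, scores), 4),
              round(expected_calibration_error(Y, scores), 4))
    # Fourth flow is benign: raw score 0.95 vs calibrated 0.62.
    print(choose_response(RAW[3]), choose_response(CAL[3]))
```

On this sample the benign flow scored 0.95 by the raw model is blocked, while its calibrated score of 0.62 only raises an alert.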
Original language | English |
---|---|
Title of host publication | 2022 6th International Conference on Cryptography, Security and Privacy (CSP) |
Publisher | IEEE |
Pages | 124-130 |
Number of pages | 7 |
ISBN (Electronic) | 978-1-6654-7975-2 |
ISBN (Print) | 978-1-6654-7976-9 |
Publication status | Published (in print/issue) - 11 Aug 2022 |
Event | 6th International Conference on Cryptography, Security and Privacy (CSP) - Tianjin, China Duration: 14 Jan 2022 → 16 Jan 2022 https://ieeexplore.ieee.org/xpl/conhome/9844828/proceeding |
Publication series
Name | 2022 6th International Conference on Cryptography, Security and Privacy (CSP) |
---|---|
Publisher | IEEE Control Society |
Conference
Conference | 6th International Conference on Cryptography, Security and Privacy (CSP) |
---|---|
Abbreviated title | CSP |
Country/Territory | China |
City | Tianjin |
Period | 14/01/22 → 16/01/22 |
Bibliographical note
Funding Information: This research work is supported by BTIIC (BT Ireland Innovation Centre), funded by BT and Invest Northern Ireland.
Publisher Copyright:
© 2022 IEEE.
Keywords
- Intrusion Detection System (IDS)
- Decision making
- Intrusion detection
- Probability distribution
- Behavioral sciences
- Risk management
- Intrusion Detection Systems (IDS)
- Intrusion Response System (IRS)
- Machine Learning (ML)
- Calibration
- Random Forest (RF)