
cyber threat detection - artificial neural networks

event-profile-based detection of security events through deep learning


AI-SIEM
neural networks used - FCNN, CNN, LSTM
focus - separating false threats (false alerts) from real threats
datasets used: NSL-KDD, CICIDS2017
machine learning methods compared: SVM, k-NN, RF, NB, DT
proposed method's performance > conventional methods.

IPS intrusion detection system - enterprise network - inspects network flows and protocols -


signature-based methods - intrusion alerts - known
as security events - reported to SIEM
SIEM - Security Information and Event Management
IPS alerts sent to SIEM
SIEM - best and dependable solution for collecting and analysing security events
suspicious alerts - flagged by thresholds and policies
malicious behaviour - correlation between events - requires attack knowledge
IPS detection is hard - in intelligent networks: false alerts + large data volumes
learning-based method - attack model built from historical threat data
unknown cyber threats - detected by trained models
larger data - more events
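
Worked example of the two mechanisms named in these notes (threshold rules on alerts, then correlation between events using attack knowledge). This is an added example, not code from the notes or from the AI-SIEM paper; the event format, the rule parameters (five failures in a two-minute window) and the sample events are constructed for illustration.

```python
"""Threshold- and correlation-based alerting over SIEM security events.

Added example (not from the notes or from the AI-SIEM paper). The event
format, the rule parameters and the sample events are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a simplified IPS/SIEM alert form:
# (timestamp, source_ip, event_type). Not real log data.
EVENTS = [
    ("2024-01-01T10:00:00", "10.0.0.5", "auth_failure"),
    ("2024-01-01T10:00:05", "10.0.0.5", "auth_failure"),
    ("2024-01-01T10:00:09", "10.0.0.5", "auth_failure"),
    ("2024-01-01T10:00:12", "10.0.0.5", "auth_failure"),
    ("2024-01-01T10:00:14", "10.0.0.5", "auth_failure"),
    ("2024-01-01T10:00:20", "10.0.0.5", "auth_success"),
    ("2024-01-01T10:00:30", "10.0.0.5", "port_scan"),
    ("2024-01-01T10:01:00", "10.0.0.7", "auth_failure"),
    ("2024-01-01T10:05:00", "10.0.0.7", "auth_success"),
    ("2024-01-01T11:00:00", "10.0.0.9", "port_scan"),
]

FAILURE_THRESHOLD = 5          # assumed policy threshold
WINDOW = timedelta(minutes=2)  # assumed sliding window


def parse(ts):
    return datetime.fromisoformat(ts)


def threshold_alerts(events, threshold=FAILURE_THRESHOLD, window=WINDOW):
    """Threshold rule: fire once when a source reaches `threshold`
    auth_failure events inside a sliding `window`."""
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    alerts = []
    for ts, src, etype in events:
        if etype != "auth_failure":
            continue
        t = parse(ts)
        q = recent[src]
        q.append(t)
        while q and t - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) == threshold:          # == so the rule fires once per burst
            alerts.append({"rule": "brute_force_threshold", "src": src, "at": ts})
    return alerts


def correlate(events, threshold=FAILURE_THRESHOLD, window=WINDOW):
    """Correlation rule: a threshold alert followed, from the same source and
    within `window`, by auth_success (and optionally port_scan) is escalated.
    This is where attack knowledge (failures -> success -> recon) is encoded."""
    by_src = defaultdict(list)
    for ts, src, etype in events:
        by_src[src].append((parse(ts), etype))
    findings = []
    for a in threshold_alerts(events, threshold, window):
        t0 = parse(a["at"])
        later = {e for t, e in by_src[a["src"]] if t0 < t <= t0 + window}
        if "auth_success" in later:
            severity = "critical" if "port_scan" in later else "high"
            rule = "brute_force_then_success"
        else:
            severity, rule = "medium", a["rule"]
        findings.append({"rule": rule, "src": a["src"], "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding)
```

On the sample data only 10.0.0.5 crosses the threshold; 10.0.0.7 produces a single failure and is never alerted, which is the false-alert reduction the threshold gives. The correlation step then raises 10.0.0.5 to critical because the burst is followed by a successful login and a scan from the same source, the kind of multi-event pattern a single signature cannot express.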
ANALYST-DRIVEN & machine-learning-based solutions: two types of security solutions
analyst-driven - security experts/analysts
learning-based approaches - limitations
1. labelled data - not provided by SIEM
2. learning data - not generalized to real-world data.
3. anomaly-based network intrusion detection - detecting cyber threats - large amount of false alerts.
4. hackers change their behaviour patterns -
security systems see short-term events - need a long-term view

IDS - monitors and processes large amounts of data


network infrastructure - must adapt
IDS - better detection efficacy and performance for network security
threat intelligence improves IDS effectiveness but does not replace it
performance/efficacy is important in the data centre
server vulnerabilities - handled by IDS, not firewall
hybrid environment
IDS - It helps mitigate various insider attacks, prevent a stealth attack that moves laterally through the network to increase an attacker's footprint, as well as thwart sophisticated external attacks like denial-of-service (DoS) or distributed denial-of-service (DDoS), thereby helping to close all security gaps and providing comprehensive network security without compromising performance or scalability.

ISHEILD monitors and collects suspicious activities on hosts and endpoint data,
with rule-based automated response and analysis capabilities,
which include automation to identify and respond to threats based on the RISK SCORE.
ISHEILD policies determine the level of authentication
required for each access request: granting access, requiring an additional
authentication factor, or blocking access as needed.
To do this we need to calculate an overall risk score per user, device and
resource, respond to the threats and implement the recommended authentication
policies.
As more data is analysed, more accurate risk scores will enable ISHEILD to
enforce effective adaptive policies that maximize security while minimizing
disruptions to the workforce.
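
Worked example of the risk-score-to-policy step described above: combine user, device and resource signals into one score and map it to grant / additional factor / block. This is an added example and not ISHEILD's code; the risk signals, the weights, the 0..100 thresholds and the sample requests are all assumptions chosen for illustration.

```python
"""Risk-score-based adaptive authentication decision.

Added example, not ISHEILD's code. The risk signals, weights, thresholds and
sample requests are assumptions chosen for illustration.
"""
from dataclasses import dataclass


@dataclass
class AccessRequest:
    user: str
    device_managed: bool       # enrolled in endpoint management
    device_known: bool         # device seen before for this user
    new_geolocation: bool      # login from a location not seen before
    recent_failed_logins: int  # failures in the recent window
    resource_sensitivity: int  # 1 (low) .. 3 (high); assumed scale


# Assumed per-signal weights (not from the notes).
WEIGHTS = {
    "unmanaged_device": 30,
    "unknown_device": 20,
    "new_geolocation": 25,
    "failed_login": 5,     # per failed login
}
FAILED_LOGIN_CAP = 25      # cap so lockout noise cannot dominate the score
ALLOW_MAX = 30             # assumed policy thresholds on a 0..100 scale
STEP_UP_MAX = 70


def risk_score(req):
    """Combine user, device and resource signals into one 0..100 score and
    return it with the contributing signals (kept for analyst review)."""
    if req.resource_sensitivity not in (1, 2, 3):
        raise ValueError("resource_sensitivity must be 1, 2 or 3")
    score = 0
    reasons = []
    if not req.device_managed:
        score += WEIGHTS["unmanaged_device"]
        reasons.append("unmanaged_device")
    if not req.device_known:
        score += WEIGHTS["unknown_device"]
        reasons.append("unknown_device")
    if req.new_geolocation:
        score += WEIGHTS["new_geolocation"]
        reasons.append("new_geolocation")
    if req.recent_failed_logins > 0:
        score += min(WEIGHTS["failed_login"] * req.recent_failed_logins,
                     FAILED_LOGIN_CAP)
        reasons.append("recent_failed_logins")
    # Higher-value resources lower the tolerance: scale by sensitivity, cap at 100.
    score = min(100, score * (1 + 0.25 * (req.resource_sensitivity - 1)))
    return round(score), reasons


def decide(req):
    """Map the score to the authentication level the policy requires."""
    score, reasons = risk_score(req)
    if score <= ALLOW_MAX:
        action = "grant"
    elif score <= STEP_UP_MAX:
        action = "require_additional_factor"
    else:
        action = "block"
    return {"user": req.user, "score": score, "action": action, "reasons": reasons}


# Constructed sample requests: a routine login, a login from a new place,
# and an unmanaged unknown device after repeated failures on a sensitive resource.
SAMPLE = [
    AccessRequest("alice", True, True, False, 0, 1),
    AccessRequest("bob", True, True, True, 2, 2),
    AccessRequest("carol", False, False, True, 8, 3),
]

if __name__ == "__main__":
    for request in SAMPLE:
        print(decide(request))
```

The returned reasons list is what makes the decision reviewable: when an analyst tunes the policies (weights and thresholds), they can see which signal pushed a request over a boundary rather than only the final action.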

My contribution would be to determine the policies, set risk scores and determine
threat rules.
I would like to further be part of the network-related stuff in the ISHEILD
project.

Monitor and collect activity data from endpoints that could indicate a threat
Analyze this data to identify threat patterns
Automatically respond to identified threats to remove or contain them, and notify security personnel
Forensics and analysis tools to research identified threats and search for suspicious activities
