当前位置:
X-MOL 学术
›
Decis. Support Syst.
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
DeepSecure: A computational design science approach for interpretable threat hunting in cybersecurity decision making
Decision Support Systems ( IF 6.7 ) Pub Date : 2024-11-06 , DOI: 10.1016/j.dss.2024.114351 Prabhat Kumar, Danish Javeed, A.K.M. Najmul Islam, Xin (Robert) Luo
Decision Support Systems ( IF 6.7 ) Pub Date : 2024-11-06 , DOI: 10.1016/j.dss.2024.114351 Prabhat Kumar, Danish Javeed, A.K.M. Najmul Islam, Xin (Robert) Luo
Businesses and industries are placing a greater emphasis on information systems for cybersecurity decision-making due to the rising cybersecurity threat landscape and the critical need to protect their digital assets. Threat hunting provides a data-driven and proactive approach to cybersecurity, enabling organizations to efficiently detect, analyze, and respond to cyber threats in real-time. Despite playing a crucial role, these systems face several obstacles, including the manual analysis of technical threat intelligence, the non-Gaussian nature of real-world data, the high rate of false positives produced during threat hunting, and the lack of interpretation and justification for these complex models. This article adopts the computational design science paradigm to develop a novel IT artifact for threat-hunting named DeepSecure. First, to automatically extract latent patterns from multivariate time series datasets, we propose a dynamic vector quantized variational autoencoder technique. Second, a multiscale hierarchical attention bi-directional gated recurrent unit-based threat-hunting mechanism is designed. Finally, we provide the visualization of attention scores to aid in model interpretation. We evaluate the DeepSecure against state-of-the-art benchmarks on two publicly available datasets, namely, ToN-IoT and CSE-CIC-IDS2018. The experimental evaluation proves that our model can efficiently identify threat types. Beyond demonstrating practical utility, the proposed framework can help address the lack of interpretation and justification for complex models in cyber threat detection and will allow organizations to respond to potential security incidents quickly.
中文翻译:
DeepSecure:一种计算设计科学方法,用于网络安全决策中的可解释威胁搜寻
由于网络安全威胁形势不断上升以及保护其数字资产的迫切需求,企业和行业越来越重视信息系统作为网络安全决策。威胁搜寻提供了一种数据驱动的主动网络安全方法,使组织能够有效地实时检测、分析和响应网络威胁。尽管这些系统发挥着至关重要的作用,但面临一些障碍,包括对技术威胁情报的手动分析、真实世界数据的非高斯性质、威胁搜寻过程中产生的高误报率,以及缺乏对这些复杂模型的解释和理由。本文采用计算设计科学范式开发了一种名为 DeepSecure 的新型 IT 工件,用于威胁搜寻。首先,为了从多变量时间序列数据集中自动提取潜在模式,我们提出了一种动态向量量化变分自动编码器技术。其次,设计了一种多尺度分层注意力双向门控循环单元的威胁狩猎机制;最后,我们提供注意力分数的可视化以帮助模型解释。我们根据两个公开可用的数据集(即 ToN-IoT 和 CSE-CIC-IDS2018)的最新基准来评估 DeepSecure。实验评估证明,我们的模型可以有效地识别威胁类型。除了展示实际效用外,拟议的框架还有助于解决网络威胁检测中复杂模型缺乏解释和理由的问题,并使组织能够快速响应潜在的安全事件。
更新日期:2024-11-06
中文翻译:
DeepSecure:一种计算设计科学方法,用于网络安全决策中的可解释威胁搜寻
由于网络安全威胁形势不断上升以及保护其数字资产的迫切需求,企业和行业越来越重视信息系统作为网络安全决策。威胁搜寻提供了一种数据驱动的主动网络安全方法,使组织能够有效地实时检测、分析和响应网络威胁。尽管这些系统发挥着至关重要的作用,但面临一些障碍,包括对技术威胁情报的手动分析、真实世界数据的非高斯性质、威胁搜寻过程中产生的高误报率,以及缺乏对这些复杂模型的解释和理由。本文采用计算设计科学范式开发了一种名为 DeepSecure 的新型 IT 工件,用于威胁搜寻。首先,为了从多变量时间序列数据集中自动提取潜在模式,我们提出了一种动态向量量化变分自动编码器技术。其次,设计了一种多尺度分层注意力双向门控循环单元的威胁狩猎机制;最后,我们提供注意力分数的可视化以帮助模型解释。我们根据两个公开可用的数据集(即 ToN-IoT 和 CSE-CIC-IDS2018)的最新基准来评估 DeepSecure。实验评估证明,我们的模型可以有效地识别威胁类型。除了展示实际效用外,拟议的框架还有助于解决网络威胁检测中复杂模型缺乏解释和理由的问题,并使组织能够快速响应潜在的安全事件。
京公网安备 11010802027423号