Affiliation:
1. Karlsruhe Institute of Technology (KIT), Institute of Theoretic Computer Science, Karlsruhe, Germany
Abstract
Detecting and fending off attacks on computer systems is an enduring problem in computer security. In light of a plethora of different threats and the growing automation used by attackers, we are in urgent need of more advanced methods for attack detection. Manually crafting detection rules is by no means feasible at scale, and automatically generated signatures often lack context, such that they fall short in detecting slight variations of known threats.
In the thesis “Efficient Machine Learning for Attack Detection” [35], we address this need for advanced attack detection. For machine learning to be effective in this domain, the underlying model must be retrained periodically over time. We show that, with the right data representation, efficient algorithms for mining substring statistics, and implementations based on probabilistic data structures, this training can be done in linear time in the size of the data, which enables a higher degree of automation for defenses.
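The following is an added illustration, not code from the thesis or its author, of how substring statistics and a probabilistic data structure combine into a linear-time training step. It represents each input as byte n-grams, records every n-gram seen in benign training data in a Bloom filter [4], and scores a new input by the fraction of its n-grams the filter has never seen. The training request lines, the choice of n = 3, the filter parameters, and the scoring rule are all assumptions made for this example; the thesis's actual representations, algorithms and data structures are not reproduced here.

```python
import hashlib
import math
from typing import Iterable, List

# Constructed sample of benign HTTP request lines used as training data
# (not taken from the thesis or any real dataset).
BENIGN: List[bytes] = [
    b"GET /index.html HTTP/1.1",
    b"GET /images/logo.png HTTP/1.1",
    b"GET /about.html HTTP/1.1",
    b"POST /login HTTP/1.1",
    b"GET /search?q=security HTTP/1.1",
]


def ngrams(data: bytes, n: int) -> Iterable[bytes]:
    """Yield every byte n-gram of data via a sliding window: O(len(data))."""
    for i in range(len(data) - n + 1):
        yield data[i:i + n]


class BloomFilter:
    """Minimal Bloom filter [4]: set membership with no false negatives and a
    tunable false-positive rate, in fixed memory regardless of input size."""

    def __init__(self, expected_items: int, fp_rate: float) -> None:
        # Standard sizing formulas for m bits and k hash functions.
        self.m = max(8, int(-expected_items * math.log(fp_rate) / (math.log(2) ** 2)))
        self.k = max(1, int(round(self.m / expected_items * math.log(2))))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: bytes) -> Iterable[int]:
        # Double hashing: derive k positions from two 64-bit halves of one digest.
        h = hashlib.blake2b(item, digest_size=16).digest()
        h1 = int.from_bytes(h[:8], "little")
        h2 = int.from_bytes(h[8:], "little")
        for i in range(self.k):
            yield (h1 + i * h2) % self.m

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))


class NgramModel:
    """Anomaly detector over byte n-grams. Training touches every byte of the
    input once and does k constant-time hash updates per n-gram, so it runs in
    time linear in the total size of the training data."""

    def __init__(self, n: int = 3, capacity: int = 100_000, fp_rate: float = 0.01) -> None:
        self.n = n
        self.filter = BloomFilter(capacity, fp_rate)

    def train(self, samples: Iterable[bytes]) -> "NgramModel":
        for sample in samples:
            for gram in ngrams(sample, self.n):
                self.filter.add(gram)
        return self

    def score(self, sample: bytes) -> float:
        """Fraction of the sample's n-grams never seen during training (0.0..1.0).
        A Bloom filter never forgets an inserted n-gram, so training data scores
        exactly 0.0; a false positive can only lower the score, never raise it."""
        grams = list(ngrams(sample, self.n))
        if not grams:
            return 0.0
        unseen = sum(1 for g in grams if g not in self.filter)
        return unseen / len(grams)

    def is_anomalous(self, sample: bytes, threshold: float = 0.3) -> bool:
        return self.score(sample) > threshold


def train_model() -> NgramModel:
    """Train the example model on the constructed benign request lines."""
    return NgramModel(n=3).train(BENIGN)


if __name__ == "__main__":
    model = train_model()
    for line in BENIGN + [b"GET /index.html?id=1' OR '1'='1 HTTP/1.1"]:
        print(f"{model.score(line):.2f}  {line!r}")
```

Retraining, as the abstract stresses, is then a matter of re-running `train` over the fresh benign window; with the filter sized for the expected number of distinct n-grams, the cost stays linear and the memory stays fixed. The scoring rule here is deliberately simple, and a short, legitimate request with unusual path segments will also receive a nonzero score, so in practice the threshold has to be calibrated on held-out benign traffic rather than guessed.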
References (44 articles)
1. C. Aggarwal. A framework for clustering massive-domain data streams. In Proc. of the International Conference on Data Engineering (ICDE), pages 102–113, 2009.
2. D. Arp, M. Spreitzenbarth, M. Hübner, H. Gascon, and K. Rieck. Drebin: Efficient and explainable detection of Android malware in your pocket. In Proc. of the Network and Distributed System Security Symposium (NDSS), 2014.
3. U. Bayer, P. M. Comparetti, C. Hlauschek, C. Kruegel, and E. Kirda. Scalable, behavior-based malware clustering. In Proc. of the Network and Distributed System Security Symposium (NDSS), 2009.
4. B. H. Bloom. Space/time trade-offs in hash coding with allowable errors. Communications of the ACM, 13 (7): 422–426, 1970.
5. W. B. Cavnar and J. M. Trenkle. N-gram-based text categorization. In Proc. of the Symposium on Document Analysis and Information Retrieval, pages 161–175, 1994.