Machine learning (ML) started to become widely deployed in cyber security settings for shortening the detection cycle of cyber attacks. To date, most ML-based systems are either proprietary or make specific choices of feature representations and machine learning models. The success of these techniques is difficult to assess as public benchmark datasets are currently unavailable. In this paper, we provide concrete guidelines and recommendations for using supervised ML in cyber security. As a case study, we consider the problem of botnet detection from network traffic data. Among our findings we highlight that: (1) feature representations should take into consideration attack characteristics; (2) ensemble models are well-suited to handle class imbalance; (3) the granularity of ground truth plays an important role in the success of these methods . Read More

#cyber

Machine Learning (ML) has found its place into cybersecurity a long time ago and usage of ML has given cybersecurity teams much-needed insights into the malware network and effective ways to curb cyber attacks. Most ML-based solutions are proprietary or designed for specific feature representations.

…. Malicious attacks are the most dreaded cyber attacks. But, as the enterprises are collecting a large pool of data through their resources. These data sets are quite useful for machine learning models for the detection of malicious attacks and entities in the system.

ML techniques and models applied on the network data include systems for detecting malicious domains, methods for detecting malware delivery or command-and-control communication, techniques for detecting malicious web pages, and various industrial products for enterprise threat detection. Read More