CyberSec research: ML
Data fusion (general)
High detection rate, but a semantic gap: the detector's output does not by itself explain what happened in terms an operator can act on
University of Granada
José Camacho, Ph.D.
[Figure: scatter plot of V1 against V2 (both axes from -4 to 4) next to a bar chart (10 bars, values from 0 to 40)]
Seguridad en Redes Corporativas: Detectando al Intruso (Security in Corporate Networks: Detecting the Intruder)
MSNM - I
Multivariate Network Security Monitoring (MSNM)
MSNM - II
MSNM: 5 steps from the hay to the needle
Combine any sources: from low-level sensors (e.g. NetFlow) to high-level information (e.g. correlation rules at the SIEM)
MSNM - VI
[Figure: two observations-by-variables data matrices, rows O1 ... ON, columns V1 ... VM]
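As an added example (not code from the talk, nor the MSNM authors' implementation), the following Python script illustrates the fusion step stated above and the observations-by-variables matrix of the figure: NetFlow-style and SIEM-style records are reduced to one row per minute (observation) with one counter per feature (variable), and a one-component PCA model calibrated on ordinary windows flags a window whose D-statistic (score space) or Q-statistic (residual space) exceeds a control limit. The log formats, the five features, the counter-based fusion, the single component and the mean-plus-3-sigma limits are simplifying assumptions of this example, not the page's or the project's definitions; the sample records are constructed, not real captures.

```python
"""Added example: fuse NetFlow-style and SIEM-style records into an observations x
variables matrix and detect anomalous minutes with a one-component PCA model.
Log formats, features and control limits are illustrative assumptions."""
import math
from collections import defaultdict

FEATURES = ["flows", "dst_ports", "bytes", "syn_only", "siem_alerts"]  # assumed feature set


def make_sample_logs():
    """Constructed sample records (not real captures). Nine one-minute windows:
    10:00-10:07 carry ordinary traffic, 10:08 contains a port sweep."""
    netflow, siem = [], []
    for m in range(8):
        for i in range(18 + m % 3):                         # small, smooth variation
            dport = (443, 80, 53, 22)[i % 4]
            flags = "S" if (i == 0 and m % 2) else "SA"     # an occasional lone SYN
            nbytes = 900 + 50 * (i % 5) + 10 * m
            netflow.append(f"10:{m:02d}:{i % 60:02d} 10.0.0.{5 + i % 3} "
                           f"10.0.1.{10 + i % 7} {dport} {flags} {nbytes}")
        if m == 3:
            siem.append("10:03:30 rule=login_failed sev=low")
    for i in range(250):                                    # one host sweeping 250 ports
        netflow.append(f"10:08:{i % 60:02d} 10.0.0.9 10.0.1.10 {1000 + i} S 60")
    siem += ["10:08:40 rule=ids_portscan sev=high", "10:08:41 rule=ids_portscan sev=high"]
    return netflow, siem


def feature_matrix(netflow, siem):
    """Fuse both sources: one row per minute (observation), one counter per
    feature (variable). Returns (window ids, rows) in time order."""
    rows = defaultdict(lambda: {f: 0 for f in FEATURES})
    ports = defaultdict(set)
    for line in netflow:                                    # "HH:MM:SS src dst dport flags bytes"
        ts, _src, _dst, dport, flags, nbytes = line.split()
        w = ts[:5]                                          # minute = observation id
        rows[w]["flows"] += 1
        rows[w]["bytes"] += int(nbytes)
        rows[w]["syn_only"] += flags == "S"
        ports[w].add(dport)
    for line in siem:                                       # "HH:MM:SS rule=... sev=..."
        rows[line[:5]]["siem_alerts"] += 1
    for w, s in ports.items():
        rows[w]["dst_ports"] = len(s)
    windows = sorted(rows)
    return windows, [[rows[w][f] for f in FEATURES] for w in windows]


class MSNMModel:
    """One-component PCA model calibrated on normal windows. A window is flagged
    when its D-statistic (squared score over score variance) or its Q-statistic
    (squared residual norm) exceeds mean + k * std of the calibration values."""

    def __init__(self, calib_rows, k=3.0):
        n, m = len(calib_rows), len(calib_rows[0])
        self.mean = [sum(r[j] for r in calib_rows) / n for j in range(m)]
        self.std = [math.sqrt(sum((r[j] - self.mean[j]) ** 2 for r in calib_rows) / n) or 1.0
                    for j in range(m)]                      # std 0 -> 1 (constant feature)
        X = [self.scale(r) for r in calib_rows]             # autoscaled calibration matrix
        cov = [[sum(x[i] * x[j] for x in X) / n for j in range(m)] for i in range(m)]
        p = [1.0] * m                                       # power iteration -> leading eigenvector
        for _ in range(500):
            q = [sum(cov[i][j] * p[j] for j in range(m)) for i in range(m)]
            norm = math.sqrt(sum(v * v for v in q)) or 1.0
            p = [v / norm for v in q]
        self.p = p
        self.lam = sum(self.dot(x, p) ** 2 for x in X) / n or 1.0   # score variance
        self.d_lim = self._limit([self.statistics(r)[0] for r in calib_rows], k)
        self.q_lim = self._limit([self.statistics(r)[1] for r in calib_rows], k)

    @staticmethod
    def dot(a, b):
        return sum(x * y for x, y in zip(a, b))

    @staticmethod
    def _limit(vals, k):
        mu = sum(vals) / len(vals)
        return mu + k * math.sqrt(sum((v - mu) ** 2 for v in vals) / len(vals))

    def scale(self, row):
        return [(v - mu) / sd for v, mu, sd in zip(row, self.mean, self.std)]

    def statistics(self, row):
        """Return (D, Q) for one observation."""
        x = self.scale(row)
        t = self.dot(x, self.p)                             # score on the single component
        resid = [xi - t * pi for xi, pi in zip(x, self.p)]  # part not explained by the model
        return t * t / self.lam, self.dot(resid, resid)

    def is_anomalous(self, row):
        d, q = self.statistics(row)
        return d > self.d_lim or q > self.q_lim


def run_demo():
    """Calibrate on the eight ordinary minutes, then score all nine."""
    netflow, siem = make_sample_logs()
    windows, rows = feature_matrix(netflow, siem)
    model = MSNMModel(rows[:8])
    flagged = [w for w, r in zip(windows, rows) if model.is_anomalous(r)]
    return windows, flagged, model.statistics(rows[8])


if __name__ == "__main__":
    print(run_demo())
```

The flagged minute is then the one whose raw records an analyst pulls, which is the manual step the later slide describes: the model says which window is anomalous, the fused counters (here, distinct destination ports and lone-SYN flows) say which variables drive it, and the underlying NetFlow and SIEM lines supply the detail.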
Logs with detailed information on the anomaly are manually identified from the information provided by MSNM
One-class SVM
Results - I
Synthetic attacks
Results - II
Top 20 detections
Least agreement
Results - III
Advantage over ML
[Figure: normal traffic vs. SPAM campaign]
Results - IV
Future work:
Other sources (host), dynamic features, MSNM-SIEM, privacy & scalability
Traffic Monitoring and Diagnosis with
Multivariate Statistical Network Monitoring:
A Case Study