Summary of IT Intrusion Detection Using Statistical Learning and Testbed Measurements, by Xiaoxuan Wang and Rolf Stadler
IT Intrusion Detection Using Statistical Learning and Testbed Measurements
by Xiaoxuan Wang, Rolf Stadler
First submitted to arXiv on: 20 Feb 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Cryptography and Security (cs.CR)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same paper at a different level of difficulty. The medium and low difficulty versions are original summaries written by GrooveSquid.com; the high difficulty version is the paper’s original abstract.
Summary difficulty | Written by | Summary |
---|---|---|
High | Paper authors | The paper’s original abstract (linked from the source page; not reproduced here) |
Medium | GrooveSquid.com (original content) | This paper studies automated intrusion detection in IT infrastructure: identifying when an attack starts, which type of attack it is, and the sequence of actions the attacker takes. Statistical learning methods, namely Hidden Markov Models (HMM), Long Short-Term Memory networks (LSTM) and Random Forest Classifiers (RFC), are used to map sequences of observations to predicted attack actions. The dataset is generated on an in-house testbed in which attacks are simulated against an emulated IT infrastructure. A machine-learning pipeline either reduces the dimensionality of the high-dimensional observation space or maps it to a small set of observation symbols. Both HMM and LSTM predict attack start time, type and actions effectively; LSTM reaches higher accuracy when sufficient training data is available, while HMM needs less computation and less training data to predict effectively. |
Low | GrooveSquid.com (original content) | This research helps keep computers and networks safe by automatically detecting when an attacker is trying to break in. The scientists used computer programs to analyze a large amount of data that they created themselves by simulating attacks on a pretend network. They found that two kinds of programs, called Hidden Markov Models (HMM) and Long Short-Term Memory networks (LSTM), are very good at predicting when an attack is happening, what kind of attack it is, and what the attacker does next. LSTM works better when there is enough training data, while HMM needs less data and less computing power and still gets good results. |
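The summaries describe a two-stage pipeline: map each high-dimensional observation to one of a few observation symbols, then let a sequence model (here an HMM) recover the attacker's action sequence, from which the attack start time follows. The following Python block is an added example written for this page, not code from the paper or its authors. The codebook, the HMM parameters (PI, A, B), the state and symbol names, and the telemetry are all hand-constructed for illustration; in the paper these are learned from testbed measurements. Attack-type prediction is left out; this block shows only start-time and action-sequence recovery.

```python
"""Constructed example of the pipeline the summary describes: quantise
high-dimensional host/network observations into a small symbol alphabet,
then decode the attacker's action sequence with a discrete HMM (Viterbi).
Model parameters and telemetry are hand-made for illustration; the paper
learns them from testbed measurements."""
import math

# Hidden states: the attacker actions the HMM is asked to recover (assumed).
STATES = ["normal", "recon", "exploit", "escalate"]
# Observation symbols produced by the quantiser (assumed).
SYMBOLS = ["quiet", "scan", "exploit_attempt", "privilege_use"]

# Hand-picked codebook for vector quantisation of a 3-feature observation
# (fraction of ports touched, failed-login rate, new-process rate), each
# feature scaled to roughly [0, 1]. In the paper this mapping is learned.
CODEBOOK = {
    "quiet":           (0.0, 0.0, 0.0),
    "scan":            (1.0, 0.0, 0.0),
    "exploit_attempt": (0.0, 1.0, 0.0),
    "privilege_use":   (0.0, 0.0, 1.0),
}

# Initial, transition and emission probabilities (assumed, not from the paper).
PI = [0.94, 0.02, 0.02, 0.02]
A = [  # A[i][j] = P(next state j | current state i)
    [0.85, 0.10, 0.03, 0.02],
    [0.05, 0.70, 0.20, 0.05],
    [0.05, 0.05, 0.60, 0.30],
    [0.05, 0.05, 0.10, 0.80],
]
B = [  # B[i][k] = P(symbol k | state i)
    [0.85, 0.05, 0.05, 0.05],
    [0.10, 0.80, 0.05, 0.05],
    [0.10, 0.10, 0.70, 0.10],
    [0.10, 0.05, 0.10, 0.75],
]


def quantise(vector):
    """Map one observation vector to the nearest codebook symbol (Euclidean)."""
    def dist(a, b):
        return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))
    return min(CODEBOOK, key=lambda name: dist(vector, CODEBOOK[name]))


def viterbi(symbol_ids):
    """Most likely hidden-state sequence for a list of symbol indices.
    Works in log space so long sequences do not underflow."""
    n = len(STATES)
    log = math.log
    delta = [[log(PI[s]) + log(B[s][symbol_ids[0]]) for s in range(n)]]
    back = []
    for k in symbol_ids[1:]:
        row, ptr = [], []
        for s in range(n):
            best_prev = max(range(n), key=lambda p: delta[-1][p] + log(A[p][s]))
            row.append(delta[-1][best_prev] + log(A[best_prev][s]) + log(B[s][k]))
            ptr.append(best_prev)
        delta.append(row)
        back.append(ptr)
    state = max(range(n), key=lambda s: delta[-1][s])
    path = [state]
    for ptr in reversed(back):  # follow back-pointers from the last step
        state = ptr[state]
        path.append(state)
    return [STATES[s] for s in reversed(path)]


def predict_attack(observations):
    """Return (attack start index or None, decoded action sequence)."""
    symbol_ids = [SYMBOLS.index(quantise(v)) for v in observations]
    actions = viterbi(symbol_ids)
    start = next((t for t, a in enumerate(actions) if a != "normal"), None)
    return start, actions


# Constructed telemetry: two quiet intervals, then a scan, exploitation,
# and privilege use on the target.
SAMPLE_OBSERVATIONS = [
    (0.05, 0.02, 0.01), (0.02, 0.04, 0.00),
    (0.90, 0.05, 0.02), (0.85, 0.10, 0.01),
    (0.10, 0.95, 0.05), (0.05, 0.80, 0.30),
    (0.00, 0.10, 0.95), (0.02, 0.05, 0.90),
]

if __name__ == "__main__":
    start, actions = predict_attack(SAMPLE_OBSERVATIONS)
    print("attack starts at t =", start)
    print("decoded actions:", actions)
```

On the constructed telemetry the decoder reports the attack starting at t = 2 and the action sequence normal, normal, recon, recon, exploit, exploit, escalate, escalate. The point the summary makes about data requirements is visible in the parameter count: this HMM has 4 initial, 16 transition and 16 emission probabilities to estimate, which is why it can be trained from far fewer testbed runs than an LSTM, at the cost of a fixed, small observation alphabet.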
Keywords
- Artificial intelligence
- Hidden Markov model
- LSTM
- Machine learning
- Random forest