Learning About the Adversary

A. Nadeem; S.E. Verwer; Shanchieh Jay Yang

doi:10.1007/978-3-031-29269-9_6

Learning About the Adversary

A. Nadeem, S.E. Verwer, Shanchieh Jay Yang

Cyber Security

Research output: Chapter in Book/Conference proceedings/Edited volume › Chapter › Scientific › peer-review

75 Downloads (Pure)

Abstract

The evolving nature of the tactics, techniques, and procedures used by cyber adversaries have made signature and template based methods of modeling adversary behavior almost infeasible. We are moving into an era of data-driven autonomous cyber defense agents that learn contextually meaningful adversary behaviors from observables. In this chapter, we explore what can be learnt about cyber adversaries from observable data, such as intrusion alerts, network traffic, and threat intelligence feeds. We describe the challenges of building autonomous cyber defense agents, such as learning from noisy observables with no ground truth, and the brittle nature of deep learning based agents that can be easily evaded by adversaries. We illustrate three state-of-the-art autonomous cyber defense agents that model adversary behavior from traffic induced observables without a priori expert knowledge or ground truth labels. We close with recommendations and directions for future work.

Original language	English
Title of host publication	Autonomous Intelligent Cyber Defense Agent (AICA)
Subtitle of host publication	A Comprehensive Guide
Editors	Alexander Kott
Publisher	Springer
Chapter	6
Pages	105-132
Number of pages	28
Volume	87
Edition	1
ISBN (Electronic)	978-3-031-29271-2
ISBN (Print)	978-3-031-29268-2
DOIs	https://doi.org/10.1007/978-3-031-29269-9_6
Publication status	Published - 2023

Publication series

Name	Advances in Information Security
Publisher	Springer Cham
ISSN (Print)	1568-2633
ISSN (Electronic)	2512-2193

Bibliographical note

Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care
Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Keywords

Adversary behavior
machine learning
behavior modeling
intrusion alerts
statistical models

Access to Document

10.1007/978-3-031-29269-9_6

978_3_031_29269_9_6Final published version, 1.01 MB

Cite this

@inbook{d7c718ef8ba64a3593b240843fdef64f,

title = "Learning About the Adversary",

abstract = "The evolving nature of the tactics, techniques, and procedures used by cyber adversaries have made signature and template based methods of modeling adversary behavior almost infeasible. We are moving into an era of data-driven autonomous cyber defense agents that learn contextually meaningful adversary behaviors from observables. In this chapter, we explore what can be learnt about cyber adversaries from observable data, such as intrusion alerts, network traffic, and threat intelligence feeds. We describe the challenges of building autonomous cyber defense agents, such as learning from noisy observables with no ground truth, and the brittle nature of deep learning based agents that can be easily evaded by adversaries. We illustrate three state-of-the-art autonomous cyber defense agents that model adversary behavior from traffic induced observables without a priori expert knowledge or ground truth labels. We close with recommendations and directions for future work.",

keywords = "Adversary behavior, machine learning, behavior modeling, intrusion alerts, statistical models",

author = "A. Nadeem and S.E. Verwer and Yang, {Shanchieh Jay}",

note = "Green Open Access added to TU Delft Institutional Repository {\textquoteleft}You share, we take care!{\textquoteright} – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public. ",

year = "2023",

doi = "10.1007/978-3-031-29269-9_6",

language = "English",

isbn = "978-3-031-29268-2",

volume = "87",

series = "Advances in Information Security",

publisher = "Springer",

pages = "105--132",

editor = "Alexander Kott",

booktitle = "Autonomous Intelligent Cyber Defense Agent (AICA)",

edition = "1",

}

TY - CHAP

T1 - Learning About the Adversary

AU - Nadeem, A.

AU - Verwer, S.E.

AU - Yang, Shanchieh Jay

N1 - Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

PY - 2023

Y1 - 2023

N2 - The evolving nature of the tactics, techniques, and procedures used by cyber adversaries have made signature and template based methods of modeling adversary behavior almost infeasible. We are moving into an era of data-driven autonomous cyber defense agents that learn contextually meaningful adversary behaviors from observables. In this chapter, we explore what can be learnt about cyber adversaries from observable data, such as intrusion alerts, network traffic, and threat intelligence feeds. We describe the challenges of building autonomous cyber defense agents, such as learning from noisy observables with no ground truth, and the brittle nature of deep learning based agents that can be easily evaded by adversaries. We illustrate three state-of-the-art autonomous cyber defense agents that model adversary behavior from traffic induced observables without a priori expert knowledge or ground truth labels. We close with recommendations and directions for future work.

AB - The evolving nature of the tactics, techniques, and procedures used by cyber adversaries have made signature and template based methods of modeling adversary behavior almost infeasible. We are moving into an era of data-driven autonomous cyber defense agents that learn contextually meaningful adversary behaviors from observables. In this chapter, we explore what can be learnt about cyber adversaries from observable data, such as intrusion alerts, network traffic, and threat intelligence feeds. We describe the challenges of building autonomous cyber defense agents, such as learning from noisy observables with no ground truth, and the brittle nature of deep learning based agents that can be easily evaded by adversaries. We illustrate three state-of-the-art autonomous cyber defense agents that model adversary behavior from traffic induced observables without a priori expert knowledge or ground truth labels. We close with recommendations and directions for future work.

KW - Adversary behavior

KW - machine learning

KW - behavior modeling

KW - intrusion alerts

KW - statistical models

UR - http://www.scopus.com/inward/record.url?scp=85162020864&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-29269-9_6

DO - 10.1007/978-3-031-29269-9_6

M3 - Chapter

SN - 978-3-031-29268-2

VL - 87

T3 - Advances in Information Security

SP - 105

EP - 132

BT - Autonomous Intelligent Cyber Defense Agent (AICA)

A2 - Kott, Alexander

PB - Springer

ER -

Learning About the Adversary

Abstract

Publication series

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this