The reviewed record of science sign in
Pith

arxiv: 2104.11636 · v1 · pith:JOUNVSE4 · submitted 2021-04-23 · cs.CR

Collaborative Information Sharing for ML-Based Threat Detection

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:JOUNVSE4record.jsonopen to challenge →

classification cs.CR
keywords informationthreatdetectionnetworkssharingacrossadaptattack
0
0 comments X
read the original abstract

Recently, coordinated attack campaigns started to become more widespread on the Internet. In May 2017, WannaCry infected more than 300,000 machines in 150 countries in a few days and had a large impact on critical infrastructure. Existing threat sharing platforms cannot easily adapt to emerging attack patterns. At the same time, enterprises started to adopt machine learning-based threat detection tools in their local networks. In this paper, we pose the question: \emph{What information can defenders share across multiple networks to help machine learning-based threat detection adapt to new coordinated attacks?} We propose three information sharing methods across two networks, and show how the shared information can be used in a machine-learning network-traffic model to significantly improve its ability of detecting evasive self-propagating malware.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.