Cyber-physical systems pose a complex set of security challenges due to the interconnection of heterogeneous devices with limited processing, communication, and power capabilities. Additionally, the combination of physical and cyber space makes it difficult to devise a single security plan spanning both. Cyber-security researchers are often overloaded with a variety of cyber-alerts on a daily basis, many of which turn out to be false positives. In this paper, we use machine learning and natural language processing techniques to predict the consequences of cyberattacks. The idea is to give security researchers tools that make it easier to communicate attack consequences to various stakeholders who may have little to no cybersecurity expertise. Additionally, the proposed approach can reduce researchers' cognitive load by automatically predicting the consequences of attacks when new attacks are discovered. We compare the performance of various machine learning models that use word vectors obtained from both tf-idf and Doc2Vec models. In our experiments, models based on LinearSVC obtained an accuracy of 60% using tf-idf features and 57% using the Doc2Vec method.