Machine learning techniques are gaining attention in the context of intrusion detection due to the increasing amounts of data generated by monitoring tools, as well as the sophistication displayed by attackers in hiding their activity. However, existing methods often exhibit important limitations in terms of the quantity and relevance of the generated alerts. Recently, knowledge graphs are finding application in the cybersecurity domain, showing the potential to alleviate some of these drawbacks thanks to their ability to seamlessly integrate data from multiple domains using human-understandable vocabularies. We discuss the application of machine learning on knowledge graphs for intrusion detection and experimentally evaluate a link-prediction method for scoring anomalous activity in industrial systems. After initial unsupervised training, the proposed method is shown to produce intuitively well-calibrated and interpretable alerts in a diverse range of scenarios, hinting at the potential benefits of relational machine learning on knowledge graphs for intrusion detection purposes.
Translation: Because monitoring tools generate ever more data, and because of the sophistication attackers show in hiding their activity, machine learning techniques are receiving growing attention for intrusion detection; however, existing methods often have major limitations in the quantity and relevance of the alerts they generate. Recently, knowledge graphs have found application in the cybersecurity domain, showing that, thanks to their ability to seamlessly integrate data from multiple domains using human-understandable vocabularies, they may alleviate some of these shortcomings. We discuss the application of machine learning on knowledge graphs to detect intrusions, and experimentally evaluate a link-prediction method for scoring anomalous activity in industrial systems. After initial unsupervised training, the proposed method is shown to produce intuitive, clear and interpretable alerts across a diverse range of scenarios, hinting at the potential benefits of relational machine learning on knowledge graphs for intrusion detection.
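An added worked illustration of the idea the abstract describes, not code from the paper (whose model, data and evaluation are not reproduced here): a minimal TransE-style link-prediction scorer in pure Python, trained without labels on the "normal" links of a constructed knowledge graph of a small industrial network, then used to score new links and to calibrate an alert threshold from the training links. The entity and relation names, the hyperparameters and the threshold rule are all assumptions made for this example.

```python
"""Added illustration, not the paper's own code: a minimal TransE-style
link-prediction scorer. Training is unsupervised (only observed 'normal' links
are needed). A large translation distance ||e_h + e_r - e_t|| means an
implausible link and therefore a candidate alert; the alert threshold is
calibrated on the training links themselves."""
import math
import random

# Constructed sample knowledge graph of a small OT network (hypothetical names).
NORMAL_TRIPLES = [
    ("hmi1", "talks_modbus_to", "plc1"), ("hmi1", "talks_modbus_to", "plc2"),
    ("hmi2", "talks_modbus_to", "plc1"), ("hmi2", "talks_modbus_to", "plc2"),
    ("eng_ws", "programs", "plc1"), ("eng_ws", "programs", "plc2"),
    ("historian", "reads_from", "plc1"), ("historian", "reads_from", "plc2"),
    ("hmi1", "located_in", "zone_supervisory"), ("hmi2", "located_in", "zone_supervisory"),
    ("plc1", "located_in", "zone_field"), ("plc2", "located_in", "zone_field"),
    ("eng_ws", "located_in", "zone_engineering"), ("historian", "located_in", "zone_dmz"),
]


def _normalize(v):
    n = math.sqrt(sum(x * x for x in v)) or 1.0
    return [x / n for x in v]


class TransE:
    """score(h, r, t) = ||e_h + e_r - e_t||; lower means the link is more plausible."""

    def __init__(self, triples, dim=16, lr=0.05, margin=1.0, seed=0):
        self.rng = random.Random(seed)
        self.triples = set(triples)
        self.entities = sorted({x for h, _, t in triples for x in (h, t)})
        self.relations = sorted({r for _, r, _ in triples})
        self.dim, self.lr, self.margin = dim, lr, margin
        b = 6.0 / math.sqrt(dim)  # Xavier-style initial range, as in the original TransE
        self.ent = {e: [self.rng.uniform(-b, b) for _ in range(dim)] for e in self.entities}
        self.rel = {r: _normalize([self.rng.uniform(-b, b) for _ in range(dim)])
                    for r in self.relations}
        self.threshold = None  # set by fit()

    def distance(self, h, r, t):
        return math.sqrt(sum((a + b - c) ** 2
                             for a, b, c in zip(self.ent[h], self.rel[r], self.ent[t])))

    def _corrupt(self, h, r, t):
        """Negative sample: replace head or tail with a random entity, never a known link."""
        while True:
            if self.rng.random() < 0.5:
                cand = (self.rng.choice(self.entities), r, t)
            else:
                cand = (h, r, self.rng.choice(self.entities))
            if cand not in self.triples:
                return cand

    def _update(self, triple, sign, d):
        # gradient of ||h + r - t|| w.r.t. h and r is (h + r - t)/d, w.r.t. t its negative
        eh, er, et = self.ent[triple[0]], self.rel[triple[1]], self.ent[triple[2]]
        for i in range(self.dim):
            g = sign * (eh[i] + er[i] - et[i]) / d
            eh[i] -= self.lr * g
            er[i] -= self.lr * g
            et[i] += self.lr * g

    def fit(self, epochs=600):
        """Unsupervised margin-ranking training: pull known links together, push corruptions apart."""
        for _ in range(epochs):
            for e in self.entities:  # TransE keeps entity embeddings on the unit sphere
                self.ent[e] = _normalize(self.ent[e])
            order = sorted(self.triples)
            self.rng.shuffle(order)
            for pos in order:
                neg = self._corrupt(*pos)
                dp, dn = self.distance(*pos), self.distance(*neg)
                if self.margin + dp - dn > 0 and dp > 0 and dn > 0:  # hinge loss is active
                    self._update(pos, +1.0, dp)
                    self._update(neg, -1.0, dn)
        # calibrate: anything farther than the worst-fitting normal link raises an alert
        self.threshold = max(self.distance(*tr) for tr in self.triples)
        return self

    def score(self, h, r, t):
        """Anomaly score as a ratio to the calibrated threshold; above 1.0 means alert."""
        return self.distance(h, r, t) / self.threshold

    def is_anomalous(self, h, r, t):
        return self.score(h, r, t) > 1.0

    def explain(self, h, r, t):
        """Human-readable context for an alert: how this pair of nodes normally relates."""
        known = sorted(r2 for (h2, r2, t2) in self.triples if (h2, t2) == (h, t))
        return {"observed": (h, r, t), "score": round(self.score(h, r, t), 2),
                "known_links_between_pair": known}


if __name__ == "__main__":
    model = TransE(NORMAL_TRIPLES).fit()
    for triple in [("hmi1", "talks_modbus_to", "plc1"),   # seen in training: benign
                   ("historian", "programs", "plc1"),     # historian never programs PLCs
                   ("plc1", "talks_modbus_to", "hmi1")]:  # reversed direction of a known link
        flag = "ALERT" if model.is_anomalous(*triple) else "ok"
        print(flag, model.explain(*triple))
```

The `explain()` output is the interpretability hook: an alert on `("historian", "programs", "plc1")` is reported together with the relations that pair normally has (`reads_from` only), which is the context an analyst needs to judge it. Calibrating the threshold on the worst-fitting training link is a deliberately simple rule for the example; a real deployment would hold out validation links and choose a percentile, and would retrain as the asset inventory changes.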