CONTACT US: Contact info
|
Citation |
Rendall K, Mylonas A, Vidalis S. WIREs Forensic Sci. 2022; 4(4): e1448. |
|
Copyright |
(Copyright © 2022, John Wiley and Sons) |
|
DOI |
|
PMID |
unavailable |
|
Abstract |
The pervasiveness of the Internet did not come without security risk. The current threat landscape is characterized by the rise of sophisticated cyber attacks, which target user devices and corporate infrastructure. To tackle the risk of compromise, data-driven detection strategies have become increasingly mainstream. The relevant literature includes many works that leverage open-source datasets, supervised learning or, less commonly, unsupervised learning. However, advanced network attacks' spatial and temporal characteristics prove standalone threat detection systems inadequate, especially for detecting a multi-stage attack and often stealthy techniques. Moreover, attackers have been demonstrating adversarial effects that are caused by deception and contaminating data-driven methods with adversarial learning. For these reasons, recent research in threat detection is moving away from commonly, and often obsolete, datasets as well as adopting more multi-layered decision strategies. As such, this article provides a comprehensive review of decision strategies. We also examine their ability to support cyber situational awareness (CSA), providing to security analysts CSA properties such as situation assessment and system refinement. This article is categorized under: Digital and Multimedia Science > Cyber Threat Intelligence Language: en |
|
Keywords |
cyber situational awareness; ensemble; intrusion detection; machine learning; multi-layered |