Paper 1

Threats Modeling and Anomaly Detection in the Behaviour of a System – A Review of Some Approaches

Authors: Mériem Ghali, Crystalor Sah, Marie Le Guilly, Mohand-Saïd Hacid

Volume 51 (2022) Special Edition

Abstract

With the rise of Big Data, cybersecurity is undergoing massive changes. Because of the vast volume of data, it becomes harder and harder to detect anomalies, and therefore to devise techniques that automatically identify malicious behaviours, even though this is a crucial task. However, Big Data also enables the development of new anomaly detection approaches based on data analysis, especially machine learning and data mining. From this perspective, it becomes possible to propose solutions that are more flexible and better suited to threats that are constantly evolving. In this paper, our objective is first to give a general overview of current approaches used for anomaly detection in the context of cybersecurity, and then to implement and test some machine learning techniques for this task in order to compare their performance. Experiments were carried out on the CICIDS2017 dataset, using traditional anomaly detection techniques based on clustering (K-Means, EM-Clustering) and classification (Decision Tree, SVM, Neural Networks).
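The abstract names K-Means as one of the clustering-based anomaly detectors it evaluates. As an added illustration that is not code from the paper, the block below shows the usual way such a detector is built: fit K-Means on flows believed to be benign, then score a new flow by its distance to the nearest centroid and flag it when that distance is far outside what the training flows produced. The flow records, the two features (packets per second, bytes per packet), the choice of k=2 and the "mean + 3 sigma" threshold are all constructed assumptions for this example; the paper's own experiments use the CICIDS2017 features, which are not reproduced here.

```python
"""Clustering-based anomaly detection on flow features (added example, not the paper's code)."""
import math

# Constructed benign training flows: (packets_per_second, bytes_per_packet).
# Two benign behaviours are present: small interactive flows and bulk transfers.
BENIGN_FLOWS = [
    (10, 500), (12, 480), (9, 520), (11, 510), (10, 490),
    (100, 1200), (105, 1180), (98, 1220), (102, 1190), (99, 1210),
]


def zscore_params(rows):
    """Per-feature mean and population std so that features on different scales are comparable."""
    means, stds = [], []
    for j in range(len(rows[0])):
        col = [r[j] for r in rows]
        mu = sum(col) / len(col)
        sd = math.sqrt(sum((v - mu) ** 2 for v in col) / len(col)) or 1.0
        means.append(mu)
        stds.append(sd)
    return means, stds


def normalize(row, means, stds):
    return [(v - m) / s for v, m, s in zip(row, means, stds)]


def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k, iters=100):
    """Lloyd's K-Means with deterministic farthest-first initialisation (no randomness, so runs repeat)."""
    centroids = [list(points[0])]
    while len(centroids) < k:
        far = max(points, key=lambda p: min(euclid(p, c) for c in centroids))
        centroids.append(list(far))
    for _ in range(iters):
        clusters = [[] for _ in range(k)]
        for p in points:
            idx = min(range(k), key=lambda i: euclid(p, centroids[i]))
            clusters[idx].append(p)
        new_centroids = [
            [sum(p[j] for p in cl) / len(cl) for j in range(len(points[0]))] if cl else centroids[i]
            for i, cl in enumerate(clusters)
        ]
        if new_centroids == centroids:   # assignments stable: converged
            break
        centroids = new_centroids
    return centroids


class KMeansAnomalyDetector:
    """Scores a flow by distance to the nearest benign centroid; flags scores above mean + sigma*std."""

    def __init__(self, k=2, sigma=3.0):
        self.k, self.sigma = k, sigma
        self.means = self.stds = self.centroids = None
        self.threshold = None

    def fit(self, rows):
        self.means, self.stds = zscore_params(rows)
        points = [normalize(r, self.means, self.stds) for r in rows]
        self.centroids = kmeans(points, self.k)
        # Calibrate the threshold on the training distances (assumed benign).
        dists = [self.score(r) for r in rows]
        mu = sum(dists) / len(dists)
        sd = math.sqrt(sum((d - mu) ** 2 for d in dists) / len(dists))
        self.threshold = mu + self.sigma * sd
        return self

    def score(self, row):
        p = normalize(row, self.means, self.stds)
        return min(euclid(p, c) for c in self.centroids)

    def is_anomaly(self, row):
        return self.score(row) > self.threshold


def run_demo():
    """Fit on the constructed benign flows and classify a few constructed test flows."""
    det = KMeansAnomalyDetector(k=2).fit(BENIGN_FLOWS)
    tests = {
        "benign_interactive": (11, 495),
        "benign_bulk": (101, 1205),
        "flood_like": (5000, 60),        # very high rate, tiny packets
        "mixed_profile": (10, 1200),     # each feature is normal alone, not jointly
    }
    return {name: det.is_anomaly(flow) for name, flow in tests.items()}


if __name__ == "__main__":
    for name, flagged in run_demo().items():
        print(f"{name}: {'ANOMALY' if flagged else 'normal'}")
```

The `mixed_profile` case is the point of using a joint model rather than per-feature thresholds: both of its feature values occur in benign traffic, but never together, so it sits far from every centroid. The threshold is calibrated on the training distances, which is why the training set must really be benign; polluted training data raises the threshold and hides attacks of the same shape.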

Keywords: Anomaly detection, Machine learning, Intrusion detection systems, Clustering, Classification, Threat modeling, Attack modeling.