TY - GEN
T1 - A Self-Protection Agent Using Error Correcting Output Codes to Secure Computers and Applications
AU - De La Peña Montero, Fabian
AU - Hariri, Salim
AU - Ditzler, Gregory
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/10/9
Y1 - 2017/10/9
N2 - The human immune system is incredibly efficient at identifying self- and non-self entities in our bodies. A non-self entity (malicious), once identified, is attacked by particular types of cells to remove the intruder before it can cause damage. Our immune system has components that identify not only non-self entities but also recall old entities that may not have been encountered for a very long time, but it is still essential that these entities be correctly classified as malicious. The domain of cybersecurity can significantly benefit from having a framework that can identify, react and adapt to malicious behaviors. Such a model for cyber protection should draw a parallel to our immune system, at least at a high level. In this work, we present a flexible framework that leverages machine learning to identify malicious behaviors that are threats to users, computers, and applications in a network. The proposed framework relies on the collection and aggregation of information relevant to identifying such malicious behaviors, machine learning to learn and identify non-self behaviors automatically, and an adaptation mechanism to incorporate new threats for future classification. We benchmarked the proposed approach on a data set collected from multiple users, computers, and applications, and we show that attacks (i.e., non-self behaviors) can be identified and mitigated through software. We compared classification models that perform binary classification (i.e., self or non-self), as well as multi-class predictions (i.e., what type of non-self behavior is detected).
UR - http://www.scopus.com/inward/record.url?scp=85035362593&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85035362593&partnerID=8YFLogxK
U2 - 10.1109/ICCAC.2017.13
DO - 10.1109/ICCAC.2017.13
M3 - Conference contribution
AN - SCOPUS:85035362593
T3 - Proceedings - 2017 IEEE International Conference on Cloud and Autonomic Computing, ICCAC 2017
SP - 58
EP - 68
BT - Proceedings - 2017 IEEE International Conference on Cloud and Autonomic Computing, ICCAC 2017
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 4th IEEE International Conference on Cloud and Autonomic Computing, ICCAC 2017
Y2 - 18 September 2017 through 22 September 2017
ER -