计算机科学
计算机安全
数据收集
稳健性(进化)
自动化
工程类
数学
生物化学
机械工程
基因
统计
化学
作者
Liad Dekel,Ilia Leybovich,Polina Zilberman,Rami Puzis
标识
DOI:10.1109/tifs.2022.3215010
摘要
Threat hunting relies on cyber threat intelligence to perform active hunting of prospective attacks instead of waiting for an attack to trigger some pre-configured alerts. One of the most important aspects of threat hunting is automation, especially when it concerns targeted data collection. Multi-armed bandits (MAB) is a family of problems that can be used to optimize the targeted data collection and balance between exploration and exploitation of the collected data. Unfortunately, state-of-the-art policies for solving MAB with dependent arms do not utilize the detailed interrelationships between attacks such as telemetry or artifacts shared by multiple attacks. We propose new policies, one of which is theoretically proven, to prioritize the investigated attacks during targeted data collection. Experiments with real data extracted from VirusTotal behavior reports show the superiority of the proposed techniques and their robustness in presence of noise.
科研通智能强力驱动
Strongly Powered by AbleSci AI