Hit: Cyber Resilience through Machine Learning: Data Exfiltration.
Data systems are an integral part of the modern world; these systems store valuable information, from banking data to national secrets. Whether its impact is on a national scale or on an individual's personal data, data theft poses a threat to the fabric of modern society, and the ability to detect and disrupt these attacks is critical to the confidentiality of any data system. This study evaluated the ability of artificial neural networks and decision trees to detect data exfiltration in packet capture data. Emphasis was placed on the effectiveness of the models' detection of a simulated zero-day attack, which consisted of samples from malware not included in the training set. Zero-day attacks are cyber-attacks carried out with previously unknown malware and techniques; cyber-security systems cannot identify these attacks based on their profiles, which renders traditional signature-based systems moot. However, machine learning-based systems have the potential to detect and mitigate these attacks (Farshchi, J., 2003). Special focus was placed on the effectiveness of pre-processing data with an unsupervised K-means model. Unsupervised, or clustering, machine learning models excel at the detection of patterns in datasets that would not be obvious to a human operator. Supervised models are used to label data, assigning inputs to predefined categories (da Rosa, R., 2018). The intent of this experiment was to determine how the pattern recognition capabilities of a clustering model would impact the accuracy of supervised labelling models. The effect of pre-processing was also evaluated, to determine the extent to which data preparation would impact a supervised model's effectiveness. This experiment was conducted using the scikit-learn toolset for the Python programming language, and is intended as a proof of concept. It is assumed that the trends revealed in this experiment are generalizable to other machine learning toolsets.
It is also assumed that the conversion of Packet Capture (PCAP) to Comma Separated Values (CSV) did not erode the performance of the models tested. [ABSTRACT FROM AUTHOR]
Copyright of Proceedings of the International Conference on Cyber Warfare & Security is the property of Academic Conferences and Publishing International Ltd. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)