Using Deep Neural Networks to Detect Compromised Hosts in Large Scale Networks
August 2020 • Presentation
Angel Kodituwakku (The University of Tennessee Knoxville), Eboni Thamavong (X8, Full Spectrum Engagement)
In this presentation, the authors discuss the generation of a new dataset based on recent, real network data from global research and education that is fused with actual threat lists and contextual information.
University of Tennesee
Detecting compromised hosts in networks is an important cyber security challenge. Investing in defenses on the perimeter of the network is key to prevent compromises within the network. However, hosts are compromised at an alarming rate due to security breaches and insider threats. It is becoming impossible for network security analysts to keep up with the barrage of data to manually detect compromises. Automating the detection of compromises and providing decision support play a key role in optimizing the analyst's workflow. Various statistical modeling techniques have been proposed to assist analysts with detecting compromised hosts by examining their behavior on the network at flow level. But most of this research lacks real datasets that reflect modern attacks, preventing their use in real-world scenarios. Literature tends to use benchmark data sets that are simulated and outdated.