
DeepSecure: A computational design science approach for interpretable threat hunting in cybersecurity decision making

Decision Support Systems · 2024
Cited by 20
ABS 3

Summary (translated from Chinese)

This paper adopts the computational design science paradigm to develop a threat-hunting tool named DeepSecure. It uses a dynamic vector quantized variational autoencoder and a multiscale hierarchical attention mechanism to automatically extract latent patterns from multivariate time series, and it visualizes the attention scores to improve model interpretability, helping organizations respond quickly to security incidents.

Abstract

Businesses and industries are placing a greater emphasis on information systems for cybersecurity decision-making due to the rising cybersecurity threat landscape and the critical need to protect their digital assets. Threat hunting provides a data-driven and proactive approach to cybersecurity, enabling organizations to efficiently detect, analyze, and respond to cyber threats in real time. Despite playing a crucial role, these systems face several obstacles, including the manual analysis of technical threat intelligence, the non-Gaussian nature of real-world data, the high rate of false positives produced during threat hunting, and the lack of interpretation and justification for these complex models. This article adopts the computational design science paradigm to develop a novel IT artifact for threat hunting named DeepSecure. First, to automatically extract latent patterns from multivariate time series datasets, we propose a dynamic vector quantized variational autoencoder technique. Second, a multiscale hierarchical attention bi-directional gated recurrent unit-based threat-hunting mechanism is designed. Finally, we provide a visualization of attention scores to aid in model interpretation. We evaluate DeepSecure against state-of-the-art benchmarks on two publicly available datasets, namely ToN-IoT and CSE-CIC-IDS2018. The experimental evaluation shows that our model can efficiently identify threat types. Beyond demonstrating practical utility, the proposed framework can help address the lack of interpretation and justification for complex models in cyber threat detection and will allow organizations to respond to potential security incidents quickly.

Highlights

• We employ the computational design science paradigm to develop a novel IT artifact for threat hunting named DeepSecure.
• We propose a dynamic vector quantized variational autoencoder technique.
• We design a multiscale hierarchical attention bi-directional gated recurrent unit-based threat-hunting mechanism.
• We provide a visualization of attention scores to aid in model interpretation.

Keywords: Cybersecurity; Threat hunting; Machine learning; Information systems