AI and Machine Learning for Threat Detection


Overview

As organizations collect ever larger volumes of security logs from their networks and endpoints, this data can be used proactively for breach prevention and mitigation. We are actively working on new AI and machine learning-based techniques that extract meaningful intelligence from diverse security data sources and detect security-related anomalies with high accuracy and low false positive rates. Of particular interest are attacks such as advanced persistent threats (APTs) and self-propagating malware (SPM), which are difficult to detect with existing technologies. We are also interested in detecting coordinated attack campaigns across multiple networks, and in designing information-sharing methods that enable more resilient global defenses. The main challenges in deploying these machine learning methods are prioritizing the most important alerts, reducing false positives, and remaining resilient to adversarial evasion strategies.

Publications

AppMine: Behavioral Analytics for Web Application Vulnerability Detection. Indranil Jana and Alina Oprea. In Proceedings of the ACM Cloud Computing Security Workshop (CCSW), 2019. [arXiv version]
FENCE: Feasible Evasion Attacks on Neural Networks in Constrained Environments. Alesia Chernikova and Alina Oprea. [arXiv version]
On Designing Machine Learning Models for Malicious Network Traffic Classification. Talha Ongun, Timothy Sakharov, Simona Boboila, Alina Oprea, and Tina Eliassi-Rad. [arXiv version]
Automated Generation and Selection of Interpretable Features for Enterprise Security. Jiayi Duan, Ziheng Zeng, Alina Oprea, and Shobha Vasudevan. In Proceedings of the IEEE International Conference on Big Data (IEEE BigData), 2018. [PDF]
MADE: Security Analytics for Enterprise Threat Detection. Alina Oprea, Zhou Li, Robin Norris, and Kevin Bowers. In Proceedings of the Annual Computer Security Applications Conference (ACSAC), 2018. [PDF]
Catching Predators at Watering Holes: Finding and Understanding Strategically Compromised Websites. Sumayah Alrwais, Kan Yuan, Eihal Alowaisheq, Xiaojing Liao, Alina Oprea, Xiaofeng Wang, and Zhou Li. In Proceedings of the Annual Computer Security Applications Conference (ACSAC), 2016. [PDF]
Operational Security Log Analytics for Enterprise Breach Detection. Zhou Li and Alina Oprea. In Proceedings of the First IEEE Cybersecurity Development Conference (SecDev), 2016. [PDF]
Detection of Early-Stage Enterprise Infection by Mining Large-Scale Log Data. Alina Oprea, Zhou Li, Ting-Fang Yen, Sang H. Chin, and Sumayah Alrwais. In Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2015. [PDF]
An Epidemiological Study of Malware Encounters in a Large Enterprise. Ting-Fang Yen, Victor Heorhiadi, Alina Oprea, Michael K. Reiter, and Ari Juels. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2014. [PDF]
Beehive: Large-Scale Log Analysis for Detecting Suspicious Activity in Enterprise Networks. Ting-Fang Yen, Alina Oprea, Kaan Onarlioglu, Todd Leetham, William Robertson, Ari Juels, and Engin Kirda. In Proceedings of the Annual Computer Security Applications Conference (ACSAC), 2013. [PDF]

Presentations

Applications of Machine Learning in Security. Workshop on Cybersecurity Applications of Big Data, Boston University, January 2016.

Members

  • Talha Ongun, PhD student
  • Alesia Chernikova, PhD student
  • Hava Kantrowitz, BS in Cyber Security program
  • Simona Boboila, Research Scientist

Previous Members

  • Oliver Spohngellert
  • Indranil Jana

Funding

  • DARPA CHASE program, “P-CORE: Privacy Enhanced Coordinated Enterprise Defense via Temporal and Topological Representation Learning”
  • Cisco university program, “AppMine: Deep Learning Behavioral Analytics for Application Threat Detection”