Predicting Cyber Threats with Virtual Security Products

Title: Predicting Cyber Threats with Virtual Security Products
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Chen, Shang-Tse; Han, YuFei; Chau, Duen Horng; Gates, Christopher; Hart, Michael; Roundy, Kevin A.
Conference Name: Proceedings of the 33rd Annual Computer Security Applications Conference
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-5345-8
Keywords: composability, Human Behavior, Metrics, privacy, pubcrawl, resilience, Resiliency, semi-supervised matrix factorization, Virtual Product, virtualization privacy
Abstract

Cybersecurity analysts are often presented with suspicious machine activity that does not conclusively indicate compromise, resulting in undetected incidents or costly investigations into the most appropriate remediation actions. There are many reasons for this: deficiencies in the number and quality of security products that are deployed, poor configuration of those security products, and incomplete reporting of product-security telemetry. Managed Security Service Providers (MSSPs), which are tasked with detecting security incidents on behalf of multiple customers, are confronted with these data quality issues, but also possess a wealth of cross-product security data that enables innovative solutions. We use MSSP data to develop Virtual Product, which addresses the aforementioned data challenges by predicting what security events would have been triggered by a security product if it had been present. This benefits analysts by providing more context for existing security incidents (albeit probabilistic) and by making questionable security incidents more conclusive. We achieve up to 99% AUC in predicting the incidents that some products would have detected had they been present.

URL: http://doi.acm.org/10.1145/3134600.3134617
DOI: 10.1145/3134600.3134617
Citation Key: chen_predicting_2017