Title | Towards expert-guided elucidation of cyber attacks through interactive inductive logic programming |
Publication Type | Conference Paper |
Year of Publication | 2021 |
Authors | Ray, Oliver; Moyle, Steve |
Conference Name | 2021 13th International Conference on Knowledge and Systems Engineering (KSE) |
Keywords | composability, Distributed databases, Human Behavior, Knowledge engineering, logic programming, machine learning, Metrics, Portable computers, pubcrawl, relational database security, resilience, Resiliency, Soft sensors, Systems engineering and theory |
Abstract | This paper proposes a logic-based machine learning approach called Acuity which is designed to facilitate user-guided elucidation of novel phenomena from evidence sparsely distributed across large volumes of linked relational data. The work builds on systems from the field of Inductive Logic Programming (ILP) by introducing a suite of new techniques for interacting with domain experts and data sources in a way that allows complex logical reasoning to be strategically exploited on large real-world databases through intuitive hypothesis-shaping and data-caching functionality. We propose two methods for rebutting or shaping candidate hypotheses and two methods for querying or importing relevant data from multiple sources. The benefits of Acuity are illustrated in a proof-of-principle case study involving a retrospective analysis of the CryptoWall ransomware attack using data from a cyber security testbed comprising a small business network and an infected laptop. |
DOI | 10.1109/KSE53942.2021.9648769 |
Citation Key | ray_towards_2021 |