Towards expert-guided elucidation of cyber attacks through interactive inductive logic programming

Oliver Ray, Steve Moyle

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

3 Citations (Scopus)

Abstract

This paper proposes a logic-based machine learning approach called ACUITY which is designed to facilitate user-guided elucidation of novel phenomena from evidence sparsely distributed across large volumes of linked relational data. The work builds on systems from the field of Inductive Logic Programming (ILP) by introducing a suite of new techniques for interacting with domain experts and data sources in a way that allows complex logical reasoning to be strategically exploited on large real-world databases through intuitive hypothesis-shaping and data-caching functionality. We propose two methods for rebutting or shaping candidate hypotheses and two methods for querying or importing relevant data from multiple sources. The benefits of ACUITY are illustrated in a proof-of-principle case study involving a retrospective analysis of the CryptoWall ransomware attack using data from a cyber security testbed comprising a small business network and an infected laptop.
Original language: English
Title of host publication: 13th International Conference on Knowledge and Systems Engineering
Subtitle of host publication: KSE21
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Number of pages: 7
DOIs
Publication status: Published - 10 Nov 2021

Publication series

Name: International Conference on Knowledge and Systems Engineering (KSE)
Publisher: IEEE
ISSN (Print): 2164-2508
ISSN (Electronic): 2694-4804
