A semantic‐based method for analysing unknown malicious behaviours via hyper‐spherical variational auto‐encoders
Abstract In the User and Entity Behaviour Analytics (UEBA), unknown malicious behaviours are often difficult to be automatically detected due to the lack of labelled data. Most of the existing methods also fail to take full advantage of the threat intelligence and incorporate the impact of the behav...
Main Authors: | , , |
---|---|
Format: | Article |
Language: | English |
Published: | Hindawi-IET 2023-03-01 |
Series: | IET Information Security |
Subjects: | |
Online Access: | https://doi.org/10.1049/ise2.12088 |
_version_ | 1797422398886117376 |
---|---|
author | Yi‐feng Wang Yuan‐bo Guo Chen Fang |
author_facet | Yi‐feng Wang Yuan‐bo Guo Chen Fang |
author_sort | Yi‐feng Wang |
collection | DOAJ |
description | Abstract In the User and Entity Behaviour Analytics (UEBA), unknown malicious behaviours are often difficult to be automatically detected due to the lack of labelled data. Most of the existing methods also fail to take full advantage of the threat intelligence and incorporate the impact of the behaviour patterns of the benign users. To address this issue, this paper proposes a Generalised Zero‐Shot Learning (GZSL) method based on hyper‐spherical Variational Auto‐Encoders (VAEs). Compared to the VAEs, the authors’ proposed method is more robust and suitable for capturing data with richer and more nuanced structures. The authors’ method analyses the unknown malicious behaviours by projecting them and their semantic attributes to shared space. These are then matched by the cosine similarity. The authors further use a Graph Convolutional Network (GCN) to reduce the impact of different user behaviour patterns before projection. The experimental results indicate that the proposed method is efficient in the analysis of unknown malicious behaviours. |
first_indexed | 2024-03-09T07:31:45Z |
format | Article |
id | doaj.art-e605dad8fa7447809a96da14e095877a |
institution | Directory Open Access Journal |
issn | 1751-8709 1751-8717 |
language | English |
last_indexed | 2024-03-09T07:31:45Z |
publishDate | 2023-03-01 |
publisher | Hindawi-IET |
record_format | Article |
series | IET Information Security |
spelling | doaj.art-e605dad8fa7447809a96da14e095877a; 2023-12-03T06:20:12Z; eng; Hindawi-IET; IET Information Security; 1751-8709; 1751-8717; 2023-03-01; 17; 2; 244; 254; 10.1049/ise2.12088; A semantic‐based method for analysing unknown malicious behaviours via hyper‐spherical variational auto‐encoders; Yi‐feng Wang 0; Yuan‐bo Guo 1; Chen Fang 2; Cryptography Engineering Institute Information Engineering University Zhengzhou China; Cryptography Engineering Institute Information Engineering University Zhengzhou China; Cryptography Engineering Institute Information Engineering University Zhengzhou China; Abstract In the User and Entity Behaviour Analytics (UEBA), unknown malicious behaviours are often difficult to be automatically detected due to the lack of labelled data. Most of the existing methods also fail to take full advantage of the threat intelligence and incorporate the impact of the behaviour patterns of the benign users. To address this issue, this paper proposes a Generalised Zero‐Shot Learning (GZSL) method based on hyper‐spherical Variational Auto‐Encoders (VAEs). Compared to the VAEs, the authors’ proposed method is more robust and suitable for capturing data with richer and more nuanced structures. The authors’ method analyses the unknown malicious behaviours by projecting them and their semantic attributes to shared space. These are then matched by the cosine similarity. The authors further use a Graph Convolutional Network (GCN) to reduce the impact of different user behaviour patterns before projection. The experimental results indicate that the proposed method is efficient in the analysis of unknown malicious behaviours.; https://doi.org/10.1049/ise2.12088; generalised zero‐shot learning; hyper‐spherical variational auto‐encoders; unknown malicious behaviours; user and entity behaviour analytics |
spellingShingle | Yi‐feng Wang Yuan‐bo Guo Chen Fang A semantic‐based method for analysing unknown malicious behaviours via hyper‐spherical variational auto‐encoders IET Information Security generalised zero‐shot learning hyper‐spherical variational auto‐encoders unknown malicious behaviours user and entity behaviour analytics |
title | A semantic‐based method for analysing unknown malicious behaviours via hyper‐spherical variational auto‐encoders |
title_full | A semantic‐based method for analysing unknown malicious behaviours via hyper‐spherical variational auto‐encoders |
title_fullStr | A semantic‐based method for analysing unknown malicious behaviours via hyper‐spherical variational auto‐encoders |
title_full_unstemmed | A semantic‐based method for analysing unknown malicious behaviours via hyper‐spherical variational auto‐encoders |
title_short | A semantic‐based method for analysing unknown malicious behaviours via hyper‐spherical variational auto‐encoders |
title_sort | semantic based method for analysing unknown malicious behaviours via hyper spherical variational auto encoders |
topic | generalised zero‐shot learning hyper‐spherical variational auto‐encoders unknown malicious behaviours user and entity behaviour analytics |
url | https://doi.org/10.1049/ise2.12088 |