Transforming Cyber Defense: Anomaly Detection and Predictive Analytics for Automated Threat Response
Currently, cyber defense remains a pre-eminently human-driven endeavor, lacking fundamental capabilities for comprehensive and timely detection, response, and prediction. Here, we present transformative concepts to mature cyber defense toward automated anomaly detection, prediction, and response. Our concepts treat the underlying problem at its most basic and essential level: violation of the predictability of correct actions and correct system and service performance, representing unintended relationships and change. We mathematically generalize prediction to explore relationships between dependencies, predict correct action sets, discern and anticipate both intended and unintended change, and mitigate the effects of correlated nested risk to enhance defense capabilities within and across organizations.
These general attributes can also provide the principal knowledge and mechanisms essential for new generations of cyber defense and information assurance. Our concepts directly address immediate and long-term, broad and fundamental needs in defense and, we believe, will be studied indefinitely. The fundamental nature of these concepts leads to their broad applicability across scientific, engineering, and human endeavors, including social, economic, and political systems, where incomplete knowledge-supported decisions steadily increase untenable manipulation and control.
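The abstract frames an anomaly as a violation of the predictability of correct actions and describes predicting "correct action sets" and separating intended from unintended change. The following Python is an added illustration of that idea, not the paper's own method or code: it learns a transition baseline over (service, action) events, predicts the set of correct next actions for each state, flags transitions that violate the prediction, and treats a violation that recurs persistently across recent sessions as a candidate intended change (baseline drift to review) rather than an unintended one. All session data, service names and thresholds are constructed for the example.

```python
"""Added illustration of anomaly detection as a violation of predicted correct
actions. Not the paper's method; all events below are constructed sample data."""
from collections import Counter, defaultdict

# Constructed baseline: (service, action) event sequences from normal sessions,
# replicated so that transition counts are not trivially small.
BASELINE_SESSIONS = [
    [("auth", "login"), ("db", "read"), ("api", "respond"), ("auth", "logout")],
    [("auth", "login"), ("db", "read"), ("db", "read"), ("api", "respond"), ("auth", "logout")],
    [("auth", "login"), ("cache", "read"), ("api", "respond"), ("auth", "logout")],
    [("auth", "login"), ("db", "read"), ("cache", "write"), ("api", "respond"), ("auth", "logout")],
] * 5

# Constructed recent sessions: three add an "mfa verify" step after login (a
# persistent, consistent change), one contains a one-off "db drop" action.
RECENT_SESSIONS = [
    [("auth", "login"), ("mfa", "verify"), ("db", "read"), ("api", "respond"), ("auth", "logout")],
    [("auth", "login"), ("mfa", "verify"), ("cache", "read"), ("api", "respond"), ("auth", "logout")],
    [("auth", "login"), ("mfa", "verify"), ("db", "read"), ("api", "respond"), ("auth", "logout")],
    [("auth", "login"), ("db", "read"), ("db", "drop"), ("api", "respond"), ("auth", "logout")],
]

START = ("_", "start")  # synthetic state preceding the first event of a session


def build_baseline(sessions, min_support=0.05):
    """Return {state: {next_event: conditional probability}}.

    Only transitions whose conditional frequency reaches min_support are kept;
    the keys of model[state] are the predicted 'correct action set' for state.
    """
    counts = defaultdict(Counter)
    for session in sessions:
        prev = START
        for ev in session:
            counts[prev][ev] += 1
            prev = ev
    model = {}
    for state, nxt in counts.items():
        total = sum(nxt.values())
        model[state] = {ev: c / total for ev, c in nxt.items() if c / total >= min_support}
    return model


def predict_correct_actions(model, state):
    """Set of next events the baseline predicts as correct after `state`."""
    return set(model.get(state, {}))


def score_session(model, session):
    """Report every transition in one observed session that violates prediction.

    'unknown_state' means the baseline has no prediction at all for the
    preceding event (novel state), which is different from 'unexpected_action',
    where the state is known but the observed next action is not in its set.
    """
    findings = []
    prev = START
    for i, ev in enumerate(session):
        if prev not in model:
            findings.append({"index": i, "from": prev, "to": ev, "kind": "unknown_state"})
        elif ev not in model[prev]:
            findings.append({"index": i, "from": prev, "to": ev, "kind": "unexpected_action"})
        prev = ev
    return findings


def classify_change(model, recent_sessions, persistence=0.5):
    """Split anomalous transitions into (intended, unintended) candidates.

    A transition that violates the baseline but recurs in at least `persistence`
    of the recent sessions is consistent enough to be a candidate intended change
    (e.g. a deployed workflow change) and should trigger a baseline review; the
    rest are treated as unintended and raised as anomalies. Each transition is
    counted at most once per session.
    """
    seen_in = Counter()
    for session in recent_sessions:
        transitions = {(f["from"], f["to"]) for f in score_session(model, session)}
        for t in transitions:
            seen_in[t] += 1
    n = len(recent_sessions)
    intended = {t for t, c in seen_in.items() if c / n >= persistence}
    unintended = set(seen_in) - intended
    return intended, unintended


if __name__ == "__main__":
    model = build_baseline(BASELINE_SESSIONS)
    print("after login, correct actions:", predict_correct_actions(model, ("auth", "login")))
    for f in score_session(model, RECENT_SESSIONS[3]):
        print("violation:", f)
    intended, unintended = classify_change(model, RECENT_SESSIONS)
    print("candidate intended change:", intended)
    print("unintended anomalies:", unintended)
```

The baseline is a plain first-order transition table, so it captures only one-step dependencies; the separation into "unknown state" versus "unexpected action" and the persistence threshold are the two knobs a practitioner would tune first, since an unrevised baseline turns every legitimate workflow change into a stream of alerts.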
Copyright (c) 2024 International Journal of Engineering and Computer Science

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.