Title:
Conditional High Utility Pattern Mining for Cyber Attack Detection
Agreement Value:
$20,000.00
Agreement Date:
Mar 20, 2020 - Mar 31, 2021
Description:
Detecting and identifying malicious activity occurring on a network of host machines can be extremely difficult in attack scenarios such as Advanced Persistent Threats (APT) where attackers move laterally from host to host. Sequential pattern analysis methods can be used to detect the presence of potentially malicious behaviour on a network. With multi-host detection, however, the challenge lies in recognizing patterns of host activity that may not be of particular interest on their own, but when considered with the presence or absence of activities occurring on other host machines, may be part of a more concerning sequence of events. The focus of this project is the creation of conditional high-utility sequential pattern mining methods to compute the criticality of identified patterns given the existence of particular patterns on different hosts. Making this challenge particularly difficult is the fact that the complexity of APT attacks, coupled with the general lack of success in identifying APT attacks and, in particular, the lateral movement of attackers, means that publicly available labeled real-world datasets containing this type of behaviour are virtually nonexistent. As a result, many studies validate proposed methods on real operational data that has been injected with artificial attack traces. The difficulty is that these artificial infiltrations tend to be unrealistic, and as a result are easily recognizable amongst the true operational data. In the absence of true APT data that can be used to successfully train effective ML models for the detection of lateral movement, further research will be conducted into the generation of realistic synthetic datasets for APT attacks, with a focus on the advancement of the current state of the art in synthetic data for malicious lateral movement.
Organization:
National Research Council Canada
Expected Results:
In the short term, anticipated outcomes will be strengthened collaborations across industry, academia, and government to support research excellence. In the medium term, anticipated outcomes will be the development of new and potentially disruptive technologies with collaborators.
Location:
Fredericton, New Brunswick, CA E3B 5A3
Reference Number:
172-2019-2020-Q4-945265
Report Type:
Grants and Contributions
Recipient Business Number:
108162025
Additional Information:
This agreement has been amended 1 time(s). The end date of this agreement has been modified by 63 days.
Recipient's Operating Name:
The University of New Brunswick
Recipient's Legal Name:
The University of New Brunswick
Federal Riding Name:
Fredericton
Federal Riding Number:
13003
Program:
Collaborative Science, Technology and Innovation Program – Ideation Fund
Program Purpose:
The Ideation Fund is intended to encourage, test and validate transformative research ideas generated by teams of NRC scientific personnel and external collaborators with complementary capabilities, acting as a demonstration phase for a continually-evolving suite of research and development (R&D) deliverables at the NRC. The fund supports exploratory research through two mechanisms: the New Beginnings Initiative and the Small Teams Initiative.