Learning and Applying Ontology for Machine Learning in Cyber Attack Detection

IEEE TrustCom/BigDataSE, 2018

Recommended citation: Zheng, H., Wang, Y., Han, C., Le, F., He, R., & Lu, J. (2018, August). Learning and Applying Ontology for Machine Learning in Cyber Attack Detection. In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) (pp. 1309-1315). IEEE. https://ieeexplore.ieee.org/abstract/document/8456049

In cyber security, the ontology is invented to provide vocabulary in a generalized machine-processable language for downstream works such as attack detection. Meanwhile, machine learning (ML), as a promising intelligent field, is widely investigated to achieve the automation of these tasks. Existing ML-based methods suffer from the confines of specific data and preprocessing, while applying ontology with machine learning methods is still rarely discussed. In this paper, 1) we propose a novel approach for automatic attack detection by generating ontology with deep learning through neural network embeddings; 2) we validate the learned ontology by comparing it with a manual ontology built by a security expert; the results demonstrate that the latent representation learned with neural networks could serve as a novel ontology format so as to provide a generalized machine-processable language for downstream works, which is the intention of the ontology; 3) finally, we develop a platform to achieve the entire intelligent ontology learning and utilization for cyber attack detection. Our experimental results show that our proposed ontology is promising to collaborate with machine learning based methods in order to improve the intelligent intrusion detection for cyber security.
