CYBER 2018, The Third International Conference on Cyber-Technologies and Cyber-Systems


Prototype Open-Source Software Stack for the Reduction of False Positives and Negatives in the Detection of Cyber Indicators of Compromise and Attack

Authors:
Steve Chan

Keywords: Threat Intelligence Processing Framework (TIPF); Security Orchestration (SO); Log [Analysis] and Correlation Engine (LCE); Container-Orchestration System (COS); Dynamic Service Discovery (DSD).

Abstract:
A prototypical solution stack (Solution Stack #1) with chosen Open-Source Software (OSS) components for an experiment was enhanced by hybridized OSS amalgams (e.g., Suricata and Sagan; Kubernetes, Nomad, Cloudify and Helios; MineMeld and Hector) and supplemented by select modified algorithms (e.g., modified N-Input Voting Algorithm [NIVA] modules and a modified Fault Tolerant Averaging Algorithm [FTAA] module) leveraged by ensemble-method machine learning. The preliminary results of the prototype solution stack (Stack #2) indicate a reduction, with regard to cyber Indicators of Compromise (IOC) and Indicators of Attack (IOA), of false positives by approximately 15% and false negatives by approximately 47%.
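The abstract names two fusion techniques, N-input voting and fault-tolerant averaging, but the page does not describe the paper's modified versions. The block below is an added illustration, not the paper's code or results: it implements the textbook forms (a k-of-N vote over the engines' alert decisions, and a trimmed mean that discards the f lowest and f highest confidence scores) and combines them per indicator with an assumed rule (vote carries OR trimmed mean reaches a threshold). The engine names follow the abstract, the verdicts and ground truth are constructed sample data, and the function names are this example's own.

```python
# Added illustration (not the paper's code): textbook k-of-N input voting and
# trimmed-mean fault-tolerant averaging, fused per indicator across several
# detectors. The paper's *modified* NIVA/FTAA modules are not described on this
# page, so their actual rules are not reproduced here. Detector names follow
# the abstract; every verdict below is constructed sample data.
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Verdict:
    detector: str   # source engine, e.g. "suricata", "sagan", "minemeld"
    indicator: str  # the IOC/IOA the verdict is about (IP, domain, hash, ...)
    score: float    # that detector's confidence in [0, 1]
    flagged: bool   # that detector's own alert decision


def k_of_n_vote(flags: List[bool], k: int) -> bool:
    """N-input voting: fire only when at least k of the n inputs agree.
    Raising k suppresses single-detector noise (fewer false positives);
    lowering it lets one detector carry the decision (fewer false negatives)."""
    if not 1 <= k <= len(flags):
        raise ValueError("k must lie in 1..n")
    return sum(flags) >= k


def fault_tolerant_average(scores: List[float], f: int) -> float:
    """Drop the f lowest and f highest scores, then average what is left.
    The result is unaffected by up to f arbitrarily wrong inputs, so one
    detector that scores everything 0.95 cannot pull the average on its own.
    Requires len(scores) > 2*f."""
    if len(scores) <= 2 * f:
        raise ValueError("need more than 2f scores to discard 2f of them")
    ordered = sorted(scores)
    return mean(ordered[f:len(ordered) - f])


def fuse(verdicts: List[Verdict], k: int, f: int, threshold: float) -> Dict[str, bool]:
    """Per indicator: report it when the k-of-n vote carries OR when the
    trimmed-mean score reaches the threshold (assumed combination rule).
    The vote catches what several engines already alert on; the averaged
    score catches indicators that every engine scored moderately but none
    alerted on by itself."""
    by_indicator: Dict[str, List[Verdict]] = {}
    for v in verdicts:
        by_indicator.setdefault(v.indicator, []).append(v)
    decisions: Dict[str, bool] = {}
    for indicator, vs in by_indicator.items():
        vote = k_of_n_vote([v.flagged for v in vs], k)
        avg = fault_tolerant_average([v.score for v in vs], f)
        decisions[indicator] = vote or avg >= threshold
    return decisions


def single_detector(verdicts: List[Verdict], detector: str) -> Dict[str, bool]:
    """Baseline: take one engine's own alert decisions as-is."""
    return {v.indicator: v.flagged for v in verdicts if v.detector == detector}


def confusion(decisions: Dict[str, bool], truth: Dict[str, bool]) -> Tuple[int, int]:
    """Return (false positives, false negatives) against labelled truth."""
    fp = sum(1 for i, d in decisions.items() if d and not truth[i])
    fn = sum(1 for i, d in decisions.items() if not d and truth[i])
    return fp, fn


# Constructed sample: three engines, four indicators (documentation IPs/domains).
SAMPLE: List[Verdict] = [
    Verdict("suricata", "203.0.113.7", 0.90, True),
    Verdict("sagan",    "203.0.113.7", 0.80, True),
    Verdict("minemeld", "203.0.113.7", 0.20, False),
    # one engine fires on a benign host with a very high score (false positive)
    Verdict("suricata", "198.51.100.4", 0.95, True),
    Verdict("sagan",    "198.51.100.4", 0.10, False),
    Verdict("minemeld", "198.51.100.4", 0.05, False),
    # every engine scores this domain moderately but none alerts (false negative)
    Verdict("suricata", "evil.example", 0.55, False),
    Verdict("sagan",    "evil.example", 0.60, False),
    Verdict("minemeld", "evil.example", 0.65, False),
    Verdict("suricata", "cdn.example",  0.10, False),
    Verdict("sagan",    "cdn.example",  0.20, False),
    Verdict("minemeld", "cdn.example",  0.30, False),
]
TRUTH: Dict[str, bool] = {
    "203.0.113.7": True, "198.51.100.4": False,
    "evil.example": True, "cdn.example": False,
}

if __name__ == "__main__":
    print("suricata alone (FP, FN):", confusion(single_detector(SAMPLE, "suricata"), TRUTH))
    print("fused k=2, f=1, t=0.5 (FP, FN):", confusion(fuse(SAMPLE, k=2, f=1, threshold=0.5), TRUTH))
```

On the constructed sample, the Suricata-only baseline yields one false positive and one false negative, while the fused decision with k=2, f=1 and a 0.5 threshold yields neither: the vote discards the lone high-confidence alert on the benign host, and the trimmed mean surfaces the domain that all three engines scored moderately without alerting. These counts say nothing about the paper's reported 15% and 47% reductions; they only show which knobs (k, f, threshold) move false positives versus false negatives, which is the trade-off any such stack has to tune on real, labelled traffic.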

Pages: 39 to 48

Copyright: Copyright (c) IARIA, 2018

Publication date: November 18, 2018

Published in: conference

ISSN: 2519-8599

ISBN: 978-1-61208-683-5

Location: Athens, Greece

Dates: from November 18, 2018 to November 22, 2018