- Title
A machine learning-enhanced endpoint detection and response framework for fast and proactive defense against advanced cyber attacks.
- Authors
Lee, Sun-Jin; Jeon, So-Eun; Lee, Il-Gu
- Abstract
The risk of intelligent cyber-attacks is increasing as the number of endpoint devices surges and non-face-to-face services expand. As the damage caused by advanced persistent threats (APT), an advanced form of cyber-attack, increases, companies are researching endpoint detection and response (EDR) and endpoint protection platforms. However, because conventional open-source EDR tools rely on the administrator's preset settings, detecting or responding to APT attacks with new patterns or variant malware requires substantial effort. In this study, fast detection and proactive response (FDPR) is proposed. FDPR complements the limitations of existing single EDR tools by combining Google Rapid Response, an open-source detection-centric tool, with the open-source host-based intrusion detection system OSSEC, a response-centric EDR tool. As a result of the experiment, the attack detection performance of FDPR was 97.6%, which is 3.55 times that of the conventional ruleset-based intrusion detection system (R-IDS) and 1.2 times that of the conventional deep learning-based intrusion detection system (DL-IDS). In addition, compared to R-IDS, the passive response level was improved by 5.76 times and the active response was enhanced by 11.53%, demonstrating the superiority of the FDPR model.
- Subjects
CYBERTERRORISM; MACHINE learning; MALWARE; SECURITY systems; INTRUSION detection systems (Computer security)
- Publication
Soft Computing - A Fusion of Foundations, Methodologies & Applications, 2024, Vol 28, Issue 13/14, p7807
- ISSN
1432-7643
- Publication type
Article
- DOI
10.1007/s00500-024-09727-7