XTRACTIS for Cyber Security

Log-based Detection of Cyber Intrusions (DARPA)

Benchmark vs. Logistic Regression, Random Forests, Boosted Trees & Neural Networks

Design an AI-based decision system that accurately diagnoses an intrusion on a computer network from features of the connection logs, to instantly execute the appropriate rational action.
Goals & benefits

Identify the characteristics of logs defining a cyber intrusion. Enhance expert knowledge by helping cybersecurity specialists understand the causal relationships between specific log features, their combination, and the existence of an intrusion

Help IT detect cyberattacks as early as possible and understand the underlying strategy of the attacker in order to consider measures to thwart future attacks.

Avoid a large number of false alarms.

  • The top-model is a decision system composed of 25 gradual rules without chaining.
  • Each rule uses some of the 26 variables that XTRACTIS identified as predictors out of the 41 potential predictors characterizing each log.
  • Only a few rules are triggered at a time to compute the decision.

It has a very good to excellent Real Performance (on unknown data).

It computes real-time predictions up to 70,000 decisions/second, offline or online (API).

UC06 scores graph
LoR=Logistic Regression
RFo=Random Forests
BT=Boosted Trees
NN=Neural Networks

Detailed results and explanations in full document

Use Case 2024/02 (v5.0)

Powered by XTRACTIS® REVEAL 12.1.42925 (2022/07)


  1. Problem Definition
  2. XTRACTIS-induced Decision System
  3. XTRACTIS Process
  4. Top-Model Induction
  5. Explained Predictions for 3 unkown cases
  6. Top-Models Benchmark
  7. Appendices