XTRACTIS FOR cyber security
Log-based Identification of Cyber Intrusions (DARPA)
Benchmark vs. Logistic Regression, Random Forests, Boosted Trees & Neural Networks
Design an AI-based decision system that efficiently detects an intrusion on a computer network and identifies the type of attack from features of the connection logs, to execute the appropriate action rationally and instantly.
Goals & benefits
Identify the logs characterizing a computer intrusion. Enhance expert knowledge by helping cybersecurity specialists understand the causal relationships between specific logs features, their combination, and the type of intrusion.
Help IT diagnose the type of the cyberattack as early as possible and understand the underlying strategy of the attacker in order to consider measures to thwart future attacks.
Avoid a large number of false alarms.
XTRACTIS-INDUCED DECISION SYSTEM
- The top-model is a decision system composed of 36 unchained gradual rules, aggregated into 5 disjonctive rules.
- Each rule uses some of the 27 variables that XTRACTIS identified as significant (out of 41 Potential Predictors characterizing each log).
- Only a few rules are triggered at a time to compute the decision
It has a very good Real Performance (on unknown data).
It computes real-time predictions up to 70,000 decisions/second, offline or online (API).
BENCHMARK SCORES
LoR=Logistic Regression
RFo=Random Forests
BT=Boosted Trees
NN=Neural Networks
Detailed results and explanations in full document
RFo=Random Forests
BT=Boosted Trees
NN=Neural Networks
Detailed results and explanations in full document
Use Case 2024/06 (v3.2)
Results by XTRACTIS® REVEAL 12.2.43016 (2022/08)
CONTENTS
- Problem Definition
- XTRACTIS-induced Decision System
- XTRACTIS Process
- Top-Model Induction
- Explained Predictions for 4 unkown cases
- Top-Models Benchmark
- Appendices