Recently, coordinated attack campaigns started to become more widespread on the Internet. In May 2017, WannaCry infected more than 300,000 machines in 150 countries in a few days and had a large impact on critical infrastructure. Existing threat sharing platforms cannot easily adapt to emerging attack patterns. At the same time, enterprises started to adopt machine learning-based threat detection tools in their local networks. In this paper, we pose the question: \emph{What information can defenders share across multiple networks to help machine learning-based threat detection adapt to new coordinated attacks?} We propose three information sharing methods across two networks, and show how the shared information can be used in a machine-learning network-traffic model to significantly improve its ability of detecting evasive self-propagating malware.
@article{arxiv.2104.11636,
title = {Collaborative Information Sharing for ML-Based Threat Detection},
author = {Talha Ongun and Simona Boboila and Alina Oprea and Tina Eliassi-Rad and Alastair Nottingham and Jason Hiser and Jack Davidson},
journal= {arXiv preprint arXiv:2104.11636},
year = {2021}
}
Comments
6 pages, 5 figures. To be published in AI4CS-SDM2021