End-To-End Anomaly Detection for Identifying Malicious Cyber Behavior through NLP-Based Log Embeddings
This work addresses the need for more robust and automated anomaly detection in cybersecurity for enterprise networks, representing an incremental improvement over existing neural IDS methods.
The paper tackled the problem of ad-hoc feature engineering in neural intrusion detection systems by proposing an end-to-end deep learning framework with NLP-inspired components for identifying malicious cyber behavior, demonstrating its efficacy on the DARPA OpTC dataset.
Rule-based IDS (intrusion detection systems) are being replaced by more robust neural IDS, which demonstrate great potential in the field of Cybersecurity. However, these ML approaches continue to rely on ad-hoc feature engineering techniques, which lack the capacity to vectorize inputs in ways that are fully relevant to the discovery of anomalous cyber activity. We propose a deep end-to-end framework with NLP-inspired components for identifying potentially malicious behaviors on enterprise computer networks. We also demonstrate the efficacy of this technique on the recently released DARPA OpTC data set.