Security Data Lake

Cybercrime today exceeds the drug trade, and it will certainly keep growing. Our computer systems are more connected than ever, and for that reason they are far more exposed to malicious attacks and breaches. Logs can record every critical event that occurs in a system, but the enormous volume of log data generated every day makes it impossible for humans to monitor every possible incident. One class of solutions is based on pre-defined rules: for example, we blacklist some IP addresses, and if someone tries to connect to our system from a blacklisted address, an alert is raised. The main problem with this approach is that the blacklist is always missing something, and such indicators are also easy to change: switching IP addresses takes an attacker only a few minutes. New types of attack are not recognized by this kind of defense either; only pre-programmed attack indicators are noticed. A second solution is anomaly detection. We can strengthen our defense strategy with deep learning and data mining: anomaly detection can show us when something out of the ordinary happens in our system. The drawback of this solution is that if we cannot tune our machine learning model's learning strategy well, it will raise many false-positive alerts. This is not a huge problem, though, as long as it does find attacks that are real threats to our system. Every computer system can be hacked, but these solutions combined can lower the risk of a successful exploit. Anomaly detection is improving day by day; it can alert us before a break-in attempt succeeds, and for this reason it is essential in a next-generation cyber defense system.
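The two detection strategies contrasted above, as an added example that is not part of the original abstract or of any project it describes: a static IP blacklist is matched against constructed access-log lines, and beside it a simple statistical anomaly detector flags source addresses whose request volume is an outlier. The IP addresses, the blacklist contents and the 3.5 robust z-score threshold are all assumptions chosen for illustration. In the constructed traffic, the brute-forcing host is not on the blacklist and is found only by the anomaly detector, while a busy but benign health-check host is also flagged, which is the false-positive cost the abstract mentions.

```python
import re
import statistics
from collections import Counter

# Added example, not code from the original abstract. It contrasts a static
# indicator blacklist with a simple statistical anomaly detector over a small,
# constructed set of web-server access-log lines. All addresses, thresholds
# and paths below are assumptions chosen for illustration.

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_log_lines(lines):
    """Parse combined-style access log lines into dicts; skip malformed lines."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:  # malformed lines are dropped rather than crashing the pipeline
            events.append(m.groupdict())
    return events


def blacklist_hits(events, blacklist):
    """Rule-based detection: flag every source IP that is on the indicator list."""
    return {e["ip"] for e in events if e["ip"] in blacklist}


def volume_anomalies(events, threshold=3.5):
    """Statistical detection: flag IPs whose request count is an outlier.

    Uses a robust z-score (median and median absolute deviation, scaled by
    0.6745 so it is comparable to an ordinary z-score on normal data). Unlike
    mean/stdev, the baseline is not distorted by the outlier it is looking for.
    Only unusually *high* volumes are flagged; quiet hosts are not suspicious
    in this scenario.
    """
    counts = Counter(e["ip"] for e in events)
    if len(counts) < 3:
        return set()  # too few sources to define a baseline
    values = list(counts.values())
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values)
    if mad == 0:
        # Every host behaves identically; anything above the median is an outlier.
        return {ip for ip, c in counts.items() if c > med}
    return {
        ip for ip, c in counts.items()
        if c > med and 0.6745 * (c - med) / mad > threshold
    }


def _make_lines(ip, n, method="GET", path="/index.html", status="200"):
    """Build n constructed log lines for one source IP (sample data only)."""
    return [
        f'{ip} - - [14/Jul/2021:10:{i // 60:02d}:{i % 60:02d} +0000] '
        f'"{method} {path} HTTP/1.1" {status} 512'
        for i in range(n)
    ]


# Constructed sample traffic (not real data):
SAMPLE_LOG = (
    _make_lines("10.0.0.5", 12)
    + _make_lines("10.0.0.6", 10)
    + _make_lines("10.0.0.7", 9)
    + _make_lines("10.0.0.8", 11)
    + _make_lines("10.0.0.20", 25, path="/healthz")                # busy but benign monitor
    + _make_lines("203.0.113.9", 1, path="/admin", status="403")   # on the blacklist
    + _make_lines("198.51.100.77", 60, "POST", "/login", "401")    # not on the blacklist
    + ["this line is not a valid log record"]
)

KNOWN_BAD_IPS = {"203.0.113.9"}  # assumed indicator list


def run_detection(lines=SAMPLE_LOG, blacklist=KNOWN_BAD_IPS):
    """Run both detectors over the same events and return what each flags."""
    events = parse_log_lines(lines)
    return {
        "blacklist": blacklist_hits(events, blacklist),
        "anomalies": volume_anomalies(events),
    }


if __name__ == "__main__":
    result = run_detection()
    print("blacklist hits:   ", sorted(result["blacklist"]))
    print("volume anomalies: ", sorted(result["anomalies"]))
```

The median/MAD baseline is used instead of mean/stdev because a single flood inflates the standard deviation enough to hide itself; the `mad == 0` branch covers the degenerate case where all hosts have identical counts, which a plain z-score would turn into a division by zero.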

Palkovics Bence

2021-07-14

Sponsor: Quadron Kibervédelmi Kft.