IT Intrusion Detection Using Statistical Learning and Testbed Measurements

arXiv:2402.13081v1 Announce Type: new
Abstract: We study automated intrusion detection in an IT infrastructure, specifically the problem of identifying the start of an attack, the type of attack, and the sequence of actions an attacker takes, based on continuous measurements from the infrastructure. We apply statistical learning methods, including Hidden Markov Model (HMM), Long Short-Term Memory (LSTM), and Random Forest Classifier (RFC) to map sequences of observations to sequences of predicted attack actions. In contrast to most related research, we …

abstract apply arxiv automated continuous cs.cr cs.lg detection hidden infrastructure it infrastructure markov statistical study type