Up-high to down-low: Applying machine learning to an exploit database

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

Abstract

Today machine learning is primarily applied to low level features such as machine code and measurable behaviors. However, a great asset for exploit type classifications is public exploit databases. Unfortunately, these databases contain only meta-data (high level or abstract data) of these exploits. Considering that classification depends on the raw measurements found in the field, these databases have been overlooked. In this study, we offer two usages for these high level datasets and evaluate their performance. The first usage is classification by using meta-data as a bridge (supervised), and the second usage is the study of exploits’ relations using clustering and Self Organizing Maps (unsupervised). Both offer insights into exploit detection and can be used as a means to better define exploit classes.

Original language: English
Title of host publication: Innovative Security Solutions for Information Technology and Communications - 8th International Conference, SECITC 2015, Revised Selected Papers
Editors: David Naccache, Emil Simion, Ion Bica
Publisher: Springer Verlag
Pages: 184-200
Number of pages: 17
ISBN (Print): 9783319271781
State: Published - 1 Jan 2015
Event: 8th International Conference on Innovative Security Solutions for Information Technology and Communications, SECITC 2015 - Bucharest, Romania
Duration: 11 Jun 2015 - 12 Jun 2015

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 9522
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 8th International Conference on Innovative Security Solutions for Information Technology and Communications, SECITC 2015
Country/Territory: Romania
City: Bucharest
Period: 11/06/15 - 12/06/15

Keywords

  • Data mining
  • Exploit database
  • Machine learning
  • Pattern abstraction
  • Supervised
  • Unsupervised

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
