A Recursive PLS (Partial Least Squares) based Approach for Enterprise Threat Management

TL;DR

This paper introduces a recursive PLS-based adaptive model for enterprise threat management that learns from security events and helps security administrators respond effectively to ongoing threats.

Contribution

It presents a novel recursive PLS approach that models human expertise and contextual information for optimal response to security threats.

Findings

Model is theoretically optimal and recursive.

Effective in continuous security event analysis.

Applicable in centralized and decentralized settings.

Abstract

Most of the existing solutions to enterprise threat management are preventive approaches prescribing means to prevent policy violations with varying degrees of success. In this paper we consider the complementary scenario where a number of security violations have already occurred, or security threats, or vulnerabilities have been reported and a security administrator needs to generate optimal response to these security events. We present a principled approach to study and model the human expertise in responding to the emergent threats owing to these security events. A recursive Partial Least Squares based adaptive learning model is defined using a factorial analysis of the security events together with a method for estimating the effect of global context dependent semantic information used by the security administrators. Presented model is theoretically optimal and operationally recursive in nature to deal with the set of security events being generated continuously. We discuss the underlying challenges and ways in which the model could be operationalized in centralized versus decentralized, and real-time versus batch processing modes.