Protection of an information system by artificial intelligence: a three-phase approach based on behaviour analysis to detect a hostile scenario
Jean-Philippe Fauvelle, Alexandre Dey, Sylvain Navers

TL;DR
This paper proposes a three-phase AI-based behaviour analysis approach for intrusion detection, enhancing traditional methods by correlating events to reduce false alarms and improve explainability in detecting hostile scenarios.
Contribution
It introduces a novel three-phase, unsupervised UEBA process that adds event correlation to improve detection accuracy and explainability, addressing limitations of existing IDS.
Findings
Effective event correlation reduces false positives and negatives.
Explainable results demonstrated on synthetic and real data.
Enhanced detection of hostile scenarios through behaviour analysis.
Abstract
The analysis of the behaviour of individuals and entities (UEBA) is an area of artificial intelligence that detects hostile actions (e.g. attacks, fraud, influence, poisoning) through the unusual nature of observed events, complementing signature-based operation. A UEBA process usually involves two phases, learning and inference. Available intrusion detection systems (IDS) still suffer from biases, including over-simplification of problems, under-exploitation of the AI potential, insufficient consideration of the temporality of events, and perfectible management of the memory cycle of behaviours. In addition, while an alert generated by a signature-based IDS can refer to the signature on which the detection is based, IDS in the UEBA domain produce results, often associated with a score, whose explainable character is less obvious. Our unsupervised approach is to enrich this process…
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques · Anomaly Detection Techniques and Applications
