A Survey of Machine Learning Methods and their Applicability for Security Analysis

Name
Diana Šramova
Abstract
The problem highlighted in this thesis is to determine which Machine Learning (ML) and Deep Learning (DL) methods should be applied for detecting information technology (IT) security threats. As IT security attacks are becoming difficult to detect with current technology and resources, today's detection systems require solutions that utilize artificial intelligence (AI) subsets for robustness and automation.
The proposed solution is an analysis of ML and DL methods, estimating their applicability across 3 security cases: User and Entity Behavior Analytics (UEBA), vulnerability detection, and phishing detection. This analysis covers both supervised and unsupervised methods, including random forest, support vector machines, logistic regression, k-nearest neighbor, clustering algorithms, association rules, recurrent neural networks, convolutional neural networks, stacked autoencoders, and generative adversarial networks. These methods are considered based on their inputs, outputs, strengths, and weaknesses for specific security cases. The study approach ensures classification, pattern recognition, anomaly identification, and penetration testing, enhancing the robustness and automation of security systems. This solution provides security professionals with guidance on selecting the ML or DL techniques that should be applied to specific IT security tasks, thereby reducing risks and mitigating security threats.
Graduation Thesis language
English
Graduation Thesis type
Bachelor - Computer Science
Supervisor(s)
Raimundas Matulevičius
Defence year
2024
 