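@comment{
  Cleaned repository-style export of the DAEMON (SEC 2022) paper: brace-delimited
  fields, "Last, First" name form for author and editor, acronym protection in the
  title, a bare DOI (no escaped underscore), and LaTeX math instead of a raw Unicode
  approximately-equal sign in the abstract so the entry also works with classic
  8-bit BibTeX. The original carried month = jan / day = 1, which looks like an
  export placeholder (the note gives the conference dates as 13--15 June 2022); it
  is dropped rather than guessed. NOTE(review): confirm the publication month and the
  series volume number against the publisher record before adding them.
  The citation key is kept unchanged so existing \cite commands keep resolving.
}
@inproceedings{7d8605945c8741d285d1c338d8defbd5,
  author    = {Dey, Alexandre and Totel, Eric and Cost{\'e}, Benjamin},
  title     = {{DAEMON}: Dynamic Auto-encoders for Contextualised Anomaly Detection Applied to Security {MONitoring}},
  booktitle = {{ICT} Systems Security and Privacy Protection - 37th {IFIP TC 11} International Conference, {SEC 2022}, Proceedings},
  editor    = {Meng, Weizhi and Fischer-H{\"u}bner, Simone and Jensen, Christian D.},
  series    = {{IFIP} Advances in Information and Communication Technology},
  publisher = {Springer Science and Business Media Deutschland GmbH},
  year      = {2022},
  pages     = {53--69},
  doi       = {10.1007/978-3-031-06975-8_4},
  isbn      = {9783031069741},
  language  = {English},
  keywords  = {Anomaly detection, Heterogeneous log analysis, Human-automation cooperation, Intrusion detection, Machine learning},
  abstract  = {The slow adoption rate of machine learning-based methods for novel attack detection by Security Operation Centers (SOC) analysts can be partly explained by their lack of data science expertise and the insufficient explainability of the results provided by these approaches. In this paper, we present an anomaly-based detection method that fuses events coming from heterogeneous sources into sets describing the same phenomenons and relies on a deep auto-encoder model to highlight anomalies and their context. To implicate security analysts and benefit from their expertise, we focus on limiting the need of data science knowledge during the configuration phase. Results on a lab environment, monitored using off-the-shelf tools, show good detection performances on several attack scenarios (F1 score {$\approx$} 0.9), and eases the investigation of anomalies by quickly finding similar anomalies through clustering.},
  note      = {Publisher Copyright: {\textcopyright} 2022, IFIP International Federation for Information Processing; 37th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2022; Conference date: 13-06-2022 Through 15-06-2022},
}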