Learning and Applying Ontology for Machine Learning in Cyber Attack Detection

摘要

In cyber security, the ontology is invented to provide vocabulary in a generalized machine-processable language for downstream works such as attack detection. Meanwhile, machine learning (ML) as a promising intelligent field, is widely investigated to achieve the automation of these tasks. Existing ML-based methods suffer from confines of specific data and preprocessing, while applying ontology with machine learning methods is still rarely discussed. In this paper, 1) we propose a novel approach for automatic attack detection by generating ontology with deep learning through neural network embeddings; 2) we validate the learned ontology by comparing it with a manual ontology built by security expert, the results demonstrates that the latent representation learned with neural networks could serve as a novel ontology format so as to provide a generalized machine-processable language for downstream works, which is the intention of the ontology; 3) finally, we develop a platform to achieve the entire intelligent ontology learning and utilization for cyber attack detection. Our experimental results shows that our proposed ontology is promising to collaborate with machine learning based methods in order to improve the intelligent intrusion detection for cyber security.