Asset Details
Do you wish to reserve the book?
A machine learning-enhanced endpoint detection and response framework for fast and proactive defense against advanced cyber attacks
Hey, we have placed the reservation for you!
By the way, why not check out events that you can attend while you pick your title.
Oops! Something went wrong.
Looks like we were not able to place the reservation. Kindly try again later.
Are you sure you want to remove the book from the shelf?
A machine learning-enhanced endpoint detection and response framework for fast and proactive defense against advanced cyber attacks
Do you wish to request the book?
A machine learning-enhanced endpoint detection and response framework for fast and proactive defense against advanced cyber attacks
Please be aware that the book you have requested cannot be checked out. If you would like to checkout this book, you can reserve another copy
We have requested the book for you!
Your request is successful and it will be processed during the Library working hours. Please check the status of your request in My Requests.
Oops! Something went wrong.
Looks like we were not able to place your request. Kindly try again later.
Journal Article
A machine learning-enhanced endpoint detection and response framework for fast and proactive defense against advanced cyber attacks
2024
Overview
The risk of intelligent cyber-attacks is increasing as the number of endpoint devices surges and non-face-to-face services expand. As the damage caused by advanced persistent threat (APT), an advanced cyber-attack, increases, companies are researching endpoint detection and response (EDR) or endpoint protection platform. However, because conventional open source-based EDR tools rely on the administrator's preset settings, detecting or responding to APT attacks with new patterns or variant malware requires substantial effort. In this study, fast detection and proactive response (FDPR) is proposed. FDPR complements the limitations of existing single EDR tools by combining google rapid response, an open-source detection-centric tool, an open-source host-based intrusion detection system security (OSSEC), and a response-centric EDR tool. As a result of the experiment, the attack detection performance of FDPR was 97.6%, 3.55 times, and 1.2 times, respectively, compared to the conventional ruleset-based intrusion detection system (R-IDS) and the conventional deep learning-based intrusion detection system (DL-IDS). In addition, compared to R-IDS, the passive response level was improved by 5.76 times, and the active response was enhanced by 11.53%, proving the superiority of the FDPR model.
Publisher
Springer Berlin Heidelberg,Springer Nature B.V
Subject
