A Rule Mining-based Advanced Persistent Threats Detection System
Authors: Sidahmed Benabderrahmane, Ghita Berrada, James Cheney, Petko Valtchev
IJCAI 2021
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | When evaluated on Transparent Computing program datasets (DARPA), our method outperformed competing approaches. and 5 Evaluation Below, we first describe the data used in our experiments together with the selected performance metrics and then present the evaluation study outcome and discuss the observed trends. |
| Researcher Affiliation | Academia | Sidahmed Benabderrahmane¹,², Ghita Berrada³,⁴, James Cheney¹,⁵ and Petko Valtchev⁶; ¹ The University of Edinburgh, School of Informatics, Edinburgh, UK; ² New York University, Computer Science Department; ³ King's College London, School of Population Health and Environmental Sciences, UK; ⁴ University of Manchester, School of Health Sciences, UK; ⁵ The Alan Turing Institute, UK; ⁶ Université du Québec à Montréal, CRIA, Montréal (QC), Canada |
| Pseudocode | Yes | Algorithm 1 presents the pseudo-code of VR-ARM. |
| Open Source Code | No | The paper provides a link (³ Code available at https://gitlab.com/anomalyDetection/baseline) for reimplemented baseline methods (FPOF, AVF, OC3, OD), but not explicitly for the authors' own proposed VR-ARM or VF-ARM methodology. |
| Open Datasets | Yes | In our evaluation study, we have used two data collections described in [Berrada et al., 2020], which are publicly available². ... ² https://gitlab.com/adaptdata |
| Dataset Splits | No | The paper describes the datasets used and their characteristics (e.g., number of processes, attributes, attack percentages) but does not provide specific details on how these datasets were split into training, validation, or test sets for reproducibility. |
| Hardware Specification | Yes | Finally, experiments were run on an Intel Core i7-6700 CPU (3.4 GHz), 32 GB RAM PC with Ubuntu OS. |
| Software Dependencies | No | The paper mentions that baseline methods were reimplemented in Python, and publicly-available implementations of OC3 (in C++) and CompreX (in Matlab) were reused, but it does not provide specific version numbers for these languages or any key software libraries or dependencies for reproducibility. |
| Experiment Setup | Yes | Algorithm 1 presents the pseudo-code of VR-ARM. It takes as input a context C (i.e. a m × n-table) plus the support and confidence thresholds. and We ran VR-ARM with max supp values ranging between 0.05 and 30 %. More interestingly, the rare rules found have confidence of 100%. Note that we kept the best configuration for every method that needs parameter tuning. |