Combining rule-based system and machine learning to classify semi-natural language data

---

Authors

Zafar Hussain¹ , Jukka Nurminen¹ , Tommi Mikkonen¹

1. University of Helsinki

Conference / event

Intellisys, 2022, September 2022 (Amsterdam, Netherlands)

Poster summary

Computer vulnerabilities can be exploited in a variety of ways. Malicious actors may use a specific exploit, a secret pathway to enter a computer system, or a misconfiguration in one of the system components. In most of these attacks, malicious actors aim to run malicious programs through command-lines. One way to detect malicious activities on a machine is by analyzing the structure of command-lines. The detection can be based on a combination of different methods from rule engines to more advanced machine learning methods. These methods compare a new command-line to existing ones and classify it as similar or not-similar to any existing groups of command-lines. This helps in creating clusters of similar command-lines and identifying them as safe or malicious. As rule-based and Machine Learning (ML) approaches have distinct strengths, an attractive option is to use their combination as a hybrid approach to classify the command-lines.

Keywords

Commands, Document classification, Hybrid approach

Research areas

Computer and Information Science

References

No data provided

Funding

No data provided

Supplemental files

No data provided

Additional information

Competing interests

No competing interests were disclosed.

Data availability statement

The datasets generated during and / or analyzed during the current study are available from the corresponding author on reasonable request.

Creative Commons license

Copyright © 2023 Hussain et al. This is an open access work distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.