Machine Learning Methods of Intelligent System Event Analysis for Multistep Cyberattack Detection

This study presents a classification and comparative analysis of intelligent system event methods for detecting multistep cyberattacks. Such attacks are a sequence of interrelated steps taken by the attacker pursuing a specific goal of intrusion. The paper analyzes approaches to multistep cyberattack detection using machine learning on system event data, including supervised learning, unsupervised learning, and semi-supervised learning. The approaches considered are analyzed according to the following criteria: the method of extracting knowledge about scenarios of system events and attacks, the scenario knowledge representation method, the security events analysis method, the security problem to be solved, and the data set used. The paper exposes the main advantages and disadvantages of machine learning approaches to detecting multistep cyberattacks as well as possible research directions in this domain.