Johan Galle | Howest
ATT&CK, the Wikipedia of behaviour after a cyber intrusion, records the techniques that make up attacker behaviour across multiple domains (desktop, mobile, cloud, ICS). Behaviour is usually not a single action but a series of steps carried out by an adversary. The DICTATE (Detection through Intelligence in Cyber Tactics and Techniques) research project will fundamentally improve cyber intrusion detection and response by using the ATT&CK knowledge base to detect anomalies. Because it focuses on behaviour, DICTATE will be able to detect attacker behaviour before any damage is done, not afterwards. A combination of semi-supervised and unsupervised machine learning and deep learning will support the detection of individual and collective anomalies in the behavioural patterns of endpoints, the network, the hypervisor and the cloud.
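To make the distinction between individual and collective anomalies in multi-step behaviour concrete, here is an added example (not DICTATE's or Howest's code) of a minimal unsupervised sequence model: a first-order Markov chain learned from a constructed baseline of sessions already mapped to ATT&CK technique IDs. A single improbable transition is an individual anomaly; a sequence whose steps are each plausible but whose overall likelihood is low is a collective anomaly. The baseline sessions, the thresholds and the use of technique IDs as the only features are assumptions for illustration.

```python
import math
from collections import Counter, defaultdict

START = "<start>"

# Constructed baseline (sample data, not real telemetry): per-session ATT&CK
# technique IDs in order of observation. T1078 Valid Accounts, T1059 Command
# and Scripting Interpreter, T1083 File and Directory Discovery, T1005 Data
# from Local System.
BASELINE = [
    ["T1078", "T1059", "T1083", "T1005"],
    ["T1078", "T1059", "T1083"],
    ["T1078", "T1083", "T1005"],
    ["T1078", "T1059", "T1005"],
    ["T1078", "T1059", "T1083", "T1005"],
    ["T1078", "T1083"],
]


class TechniqueSequenceModel:
    """First-order Markov model of technique transitions, learned without labels."""

    def __init__(self, sequences):
        self.vocab = {t for seq in sequences for t in seq} | {START}
        self.counts = defaultdict(Counter)  # counts[prev][cur]
        for seq in sequences:
            prev = START
            for tech in seq:
                self.counts[prev][tech] += 1
                prev = tech

    def step_cost(self, prev, cur):
        """Negative log-probability of one transition; Laplace smoothing keeps
        unseen transitions (and never-seen techniques) finite but expensive."""
        total = sum(self.counts[prev].values())
        prob = (self.counts[prev][cur] + 1) / (total + len(self.vocab) + 1)
        return -math.log(prob)

    def analyse(self, seq, step_threshold=2.0, mean_threshold=1.0):
        """Individual anomaly: one transition above step_threshold.
        Collective anomaly: mean cost of the whole sequence above mean_threshold,
        which can trigger even when no single step is suspicious on its own."""
        costs, prev = [], START
        for tech in seq:
            costs.append((prev, tech, self.step_cost(prev, tech)))
            prev = tech
        mean_cost = sum(c for _, _, c in costs) / max(len(costs), 1)
        return {
            "individual": [(p, t) for p, t, c in costs if c > step_threshold],
            "collective": mean_cost > mean_threshold,
            "mean_cost": mean_cost,
        }
```

With the baseline above, a session that inserts an unseen T1003 (OS Credential Dumping) step is flagged on that single transition, while a session that loops discovery and collection several times raises no single-step alert but is flagged as a collective anomaly.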