An approach for detecting multi-institution attacks

Saif Zabarah, Omar Naman, Mohammad A. Salahuddin, Raouf Boutaba, Samer Al-Kiswany

ANNALS OF TELECOMMUNICATIONS (2024)

Abstract
We present Soteria, a data processing pipeline for detecting multi-institution attacks. Soteria uses a set of machine learning techniques to detect future attacks, predict their future targets, and rank attacks based on their predicted severity. Our evaluation with real data from Canada-wide academic institution networks shows that Soteria can predict future attacks with 95% recall rate, predict the next targets of an attack with 97% recall rate, and detect attacks in the first 20% of their life span. Soteria is deployed in production and is in use by tens of Canadian academic institutions that are part of the CANARIE IDS project.
Keywords
Multi-institution attacks, Cybersecurity, Threat intelligence, Intrusion detection