Ali Ahmadian Ramaki scite author profile

Intrusion alert analysis is an attractive and active topic in the area of intrusion detection systems. In recent decades, many research communities have been working in this field. The main objective of this article is to achieve a taxonomy of research fields in intrusion alert analysis by using a systematic mapping study of 468 high-quality papers. The results show that there are 10 different research topics in the field, which can be classified into three broad groups: pre-processing, processing, and post-processing. The processing group contains most of the research works, and the post-processing group is newer than others.

show abstract

A survey of IT early warning systems: architectures, challenges, and solutions

Ramaki

Atani

2016

Security Comm Networks

View full text Add to dashboard Cite

With the advent of new technologies and various services provided in the context of computer networks, a large volume of data is being generated. The main challenge in this area is providing network protection services against various threats and vulnerabilities. So far, many techniques have been proposed to deal with these threats. All of these techniques pursue the same goal, preventing attackers from reaching their objectives. A solution based on early warning system(s) (EWSs) is what exactly security teams need to manage the threats properly. EWS, as a complement to Intrusion Detection System, is a proactive approach against security threats. This is carried out through the early detection of potential behavior of a system, evaluating the scope of malicious behavior, and finally, using suitable response against any kind of detectable security event. This paper presents a comprehensive review on EWSs including definitions, applications, architectures, alert correlation aspects, and other technical requirements. Furthermore, previous studies and existing EWSs have been described and analyzed here. A classification of EWSs has been presented: commercial systems and systems under research and development. Finally, from the studies about EWSs, we conclude some challenges and research issues are still remain open. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

A systematic review on intrusion detection based on the Hidden Markov Model

Ramaki

Rasoolzadegan

Jafari

2018

Statistical Analysis

View full text Add to dashboard Cite

Apart from using traditional security solutions in software systems such as firewalls and access control mechanisms, utilizing intrusion detection systems are also necessary. Intrusion detection is a process in which a set of methods are used to detect malicious activities against the victims. Many techniques for detecting potential intrusions in software systems have already been introduced. One of the most important techniques for intrusion detection based on machine learning is using Hidden Markov Models (HMM). In recent decades, many research communities have been working toward HMM-based intrusion detection. Therefore, a large volume of research works has been published and hence, various research areas have emerged in this field. However, until now, there has been no systematic and up-to-date review of research works within the field. This paper aims to survey the research in this field and provide open problems and challenges based on the analysis of advantages, limitations, types of architectural models, and applications of current techniques. Six various architecture models for intrusion detection purposes are proposed in the literature. We compare these models based on performance criteria in order to select an appropriate type for a specific application. The results show that HMM-based intrusion detection techniques have 6 main advantages-precise intrusion detection, ability to detect new and unknown intrusions, prediction of the intruder's potential next steps, usage in real-time applications by processing data streams on-the-fly, usage of heterogeneous data sources as input, and visual representation of acquired knowledge relative to the other techniques of machine learning. KEYWORDSHidden Markov Model, intrusion detection, intrusion detection system, statistical learning, system and network security

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.