A method for intrusion detection in web services based on time series

Shirani, Paria; Azgomi, Mohammad Abdollahi; Alrabaee, Saed

doi:10.1109/ccece.2015.7129383

Cited by 9 publications

(4 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Outlier detection algorithms, such as the statistical outlier detection method or the Z-score method, are used to identify data points that significantly deviate from the expected behavior. Time series analysis techniques, such as autoregressive integrated moving average (ARIMA) models [10,11], are used to detect anomalies in temporal data. Statistical modeling approaches, such as Gaussian mixture models or hidden Markov models, are utilized to capture the statistical characteristics of normal behavior and detect anomalies based on deviations from the learned models [4,5].…”

Section: Statistical Approaches For Anomaly Detectionmentioning

confidence: 99%

Anomaly Detection in Intrusion Detection Systems

Parhizkari

2024

Artificial Intelligence

View full text Add to dashboard Cite

Intrusion detection systems (IDS) play a critical role in network security by monitoring systems and network traffic to detect anomalies and attacks. This study explores the different types of IDS, including host-based and network-based, along with their deployment scenarios. A key focus is on incorporating anomaly detection techniques within IDS to identify novel and unknown threats that evade signature-based methods. Statistical approaches like outlier detection and machine learning techniques like neural networks are discussed for building effective anomaly detection models. Data collection and preprocessing techniques, including feature engineering, are examined. Both unsupervised techniques like clustering and density estimation and supervised methods like classification are covered. Evaluation datasets and performance metrics for assessing anomaly detection models are highlighted. Challenges like curse of dimensionality and concept drift are outlined. Emerging trends include integrating deep learning and explainable AI into anomaly detection. Overall, this comprehensive study examines the role of anomaly detection within IDS, delves into various techniques and algorithms, surveys evaluation practices, discusses limitations and challenges, and provides insights into future research directions to advance network security through improved anomaly detection capabilities.

show abstract

Section: Statistical Approaches For Anomaly Detectionmentioning

confidence: 99%

Anomaly Detection in Intrusion Detection Systems

Parhizkari

2024

Artificial Intelligence

View full text Add to dashboard Cite

show abstract

“…The time intervals of an attack can be identified by analyzing the temporal distribution of malicious NetFlows (e.g., through the use of autocorrelation [27]). However, such intervals can be obtained also from a dataset documentation (e.g., [26]).…”

Section: Extraction Of Attack Scenariosmentioning

confidence: 99%

On the Evaluation of Sequential Machine Learning for Network Intrusion Detection

Andrea

Yang

2021

Proceedings of the 16th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Recent advances in deep learning renewed the research interests in machine learning for Network Intrusion Detection Systems (NIDS). Specifically, attention has been given to sequential learning models, due to their ability to extract the temporal characteristics of Network traffic Flows (NetFlows), and use them for NIDS tasks. However, the applications of these sequential models often consist of transferring and adapting methodologies directly from other fields, without an in-depth investigation on how to leverage the specific circumstances of cybersecurity scenarios; moreover, there is a lack of comprehensive studies on sequential models that rely on NetFlow data, which presents significant advantages over traditional full packet captures. We tackle this problem in this paper. We propose a detailed methodology to extract temporal sequences of NetFlows that denote patterns of malicious activities. Then, we apply this methodology to compare the efficacy of sequential learning models against traditional static learning models. In particular, we perform a fair comparison of a 'sequential' Long Short-Term Memory (LSTM) against a 'static' Feedforward Neural Networks (FNN) in distinct environments represented by two well-known datasets for NIDS: the CICIDS2017 and the CTU13. Our results highlight that LSTM achieves comparable performance to FNN in the CICIDS2017 with over 99.5% F1-score; while obtaining superior performance in the CTU13, with 95.7% F1-score against 91.5%. This paper thus paves the way to future applications of sequential learning models for NIDS. CCS CONCEPTS• Security and privacy → Intrusion detection systems; Network security; • Computing methodologies → Temporal reasoning.

show abstract

“…Zolotukhin and Kokkonen [35] focused on detection of application-layer DoS attacks that utilize encrypted protocols by applying an anomaly-detection-based approach to statistics extracted from network packets headers using the stacked autoencoder algorithm. Shirani, Azgomi and Alrabaee [36] proposed the detection of DDoS attacks on Web Services using time series and applying the ARIMA model. Tripathi, Hubballi and Singh [37] used Hellinger distance between two probability distributions generated in training and testing phases to detect Slow HTTP DoS attacks.…”

Section: Specific Attack Detection/preventionmentioning

confidence: 99%

Prevention and Fighting against Web Attacks through Anomaly Detection Technology. A Systematic Review

Riera

Higuera

et al. 2020

Sustainability

View full text Add to dashboard Cite

Numerous techniques have been developed in order to prevent attacks on web servers. Anomaly detection techniques are based on models of normal user and application behavior, interpreting deviations from the established pattern as indications of malicious activity. In this work, a systematic review of the use of anomaly detection techniques in the prevention and detection of web attacks is undertaken; in particular, we used the standardized method of a systematic review of literature in the field of computer science, proposed by Kitchenham. This method is applied to a set of 88 papers extracted from a total of 8041 reviewed papers, which have been published in notable journals. This paper discusses the process carried out in this systematic review, as well as the results and findings obtained to identify the current state of the art of web anomaly detection.

show abstract

A method for intrusion detection in web services based on time series

Cited by 9 publications

References 16 publications

Anomaly Detection in Intrusion Detection Systems

Anomaly Detection in Intrusion Detection Systems

On the Evaluation of Sequential Machine Learning for Network Intrusion Detection

Prevention and Fighting against Web Attacks through Anomaly Detection Technology. A Systematic Review

Contact Info

Product

Resources

About