A Novel Immune Detection Approach Enhanced by Attack Graph Based Correlation

Melo, Roberto Vasconcelos; Macedo, Douglas Dyllon Jerônimo de; Dantas, A R Mario; Bona, C. E. Luis de

doi:10.1109/iscc47284.2019.8969772

Cited by 8 publications

(3 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The human immune system (HIS) has been an alternate DDoS attack detection field of research that is used to create an IDS system for IoT devices [ 12 ]. A novel AIS-based DDoS IDS system based on three immune concepts: adverse selection, danger theory, and clonal selection has been proposed [ 13 , 14 ]. DDoS attacks are detected by three fundamental network components: the source network, the intermediate network, and the endpoint.…”

Section: Introductionmentioning

confidence: 99%

An Intelligent Agent-Based Detection System for DDoS Attacks Using Automatic Feature Extraction and Selection

Bakar

Huang

Javed

et al. 2023

Sensors

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks, advanced persistent threats, and malware actively compromise the availability and security of Internet services. Thus, this paper proposes an intelligent agent system for detecting DDoS attacks using automatic feature extraction and selection. We used dataset CICDDoS2019, a custom-generated dataset, in our experiment, and the system achieved a 99.7% improvement over state-of-the-art machine learning-based DDoS attack detection techniques. We also designed an agent-based mechanism that combines machine learning techniques and sequential feature selection in this system. The system learning phase selected the best features and reconstructed the DDoS detector agent when the system dynamically detected DDoS attack traffic. By utilizing the most recent CICDDoS2019 custom-generated dataset and automatic feature extraction and selection, our proposed method meets the current, most advanced detection accuracy while delivering faster processing than the current standard.

show abstract

Section: Introductionmentioning

confidence: 99%

An Intelligent Agent-Based Detection System for DDoS Attacks Using Automatic Feature Extraction and Selection

Bakar

Huang

Javed

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…Such advances in technological terms have been obtained and studied mainly from to allow adults to live with a better quality of life, have a long productive life and that the state expenses with health are reduced [2]. These are some researches that approached technological aspects from information sciences perspectives [3,4,5,6,7,8]. This increase in the use of digital forms for making payments and commercial receipts, as well as the wide range of possibilities for committing fraud in such procedures, make such activities demand greater attention from police authorities, to identify possible crimes and strange movements, especially money laundry [9].…”

Section: Introductionmentioning

confidence: 99%

An approach to financial information analysis by the Brazilian Federal Police

Filho

Macedo

2023

EAI Endorsed Scal Inf Syst

View full text Add to dashboard Cite

INTRODUCTION: One of the tasks performed by the Federal Police is the verification and cross-referencing of data contained in Financial Intelligence Reports (FIRs) produced and forwarded by the Financial Activities Control Council (COAF) - an activity in which, among the police involved, the absence of a standard system of execution. OBJECTIVES: The present work aims to present a study on the form currently in use within the scope of the Federal Police Station regarding the analysis of FIRs from the COAF, then presenting a methodology suggestion, aiming to speed up the process. Regarding open sources, the objective is to carry out a survey of possible complementary repositories not yet used and to expose ways of implementing queries. METHODS: Pointing out the workflow currently used (displaying it in graphic form) as well as identifying the data sources consulted (open sources and closed sources) during the process, CONCLUSION: understanding how the FIR analysis system is currently carried out, identifying possible aspects for improvement, and suggesting a methodology to be used, indicating for this the use of files in a specific format (.CSV), exclusion of queries in similar repositories (System “A”) and, mainly, the automation of part of the procedure (with the use of the RIBOT prototype software).

show abstract

“…Infected computers are known as bots or zombies and are controlled by botmaster [4,[6][7][8] that communicate to bot-client via a communication channel [3,9] to attack a computer target. Bot's malicious activities can be in the form of distributed denial of service (DDoS), spreading malware, phishing, sending spam messages, and misrepresentation of multi-layer adaptive clicks [1,[10][11][12][13]. Botnets use a command & control (C&C) structure in carrying out all their activities [3][4][5][6][7][8][9]14], including communication between bots and botmasters in sending commands and updating code from the botnet control system [4,8].…”

Section: Introductionmentioning

confidence: 99%

Analysis of Botnet Attack Communication Pattern Behavior on Computer Networks

2022

IJIES

View full text Add to dashboard Cite

Botnets are a severe threat to a computer network, affecting various aspects of security systems, including spreading malicious programs, phishing, sending spam messages, and click fraud. Because of their negative consequences, botnets must be identified early. Nevertheless, their different characteristics have made them challenging to detect. This research proposes a bot patterns communication detection from traffic flows analysis consisting of three main activities: bot detection, extraction, and communication behavior analysis phases. This proposed model aims to obtain a specific behavior of bot attacks, which can be used as an early warning bots attack system. The process of bot patterns communication detection depends on the accuracy of bot detection, so the model improves the pre-processing phase and uses multi-model classification. Improvement in the pre-processing phase is carried out in the feature engineering section using the concept of one-hot encoding. Several machine learning classification models are used to obtain the best detection accuracy: Decision tree, Random forest, Logistic regression, k-NN, and Naïve Bayes. Furthermore, the model has been tested on two different datasets, namely the NCC and CTU-13. The experimental results show that the proposed model is optimal and recognizes bot activities well. The accuracy detection is obtained at 99.99%. Besides, the model can also identify the bot's attack activity scenario and communication behavior in three types: centralized, distributed, and spread.

show abstract

A Novel Immune Detection Approach Enhanced by Attack Graph Based Correlation

Cited by 8 publications

References 15 publications

An Intelligent Agent-Based Detection System for DDoS Attacks Using Automatic Feature Extraction and Selection

An Intelligent Agent-Based Detection System for DDoS Attacks Using Automatic Feature Extraction and Selection

An approach to financial information analysis by the Brazilian Federal Police

Analysis of Botnet Attack Communication Pattern Behavior on Computer Networks

Contact Info

Product

Resources

About