A Simple Method for Improving Intrusion Detections in Corporate Networks

Nehinbe, Joshua Ojo

doi:10.1007/978-3-642-11530-1_13

Cited by 11 publications

(4 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Attacks in DEFCON-10 dataset contains probing and non-probing attacks (e.g., bad packet, ports scan, port sweeps, etc.). Both versions are used by Nehinbe Ojo Joshua [80] for reclassifying network intrusions.…”

Section: Public Datasetsmentioning

confidence: 99%

Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study

Ferrag

Μαγλαράς

Moschoyiannis

et al. 2020

Journal of Information Security and Applications

470

246

View full text Add to dashboard Cite

In this paper, we present a survey of deep learning approaches for cyber security intrusion detection, the datasets used, and a comparative study. Specifically, we provide a review of intrusion detection systems based on deep learning approaches. The dataset plays an important role in intrusion detection, therefore we describe 35 well-known cyber datasets and provide a classification of these datasets into seven categories; namely, network traffic-based dataset, electrical network-based dataset, internet traffic-based dataset, virtual private network-based dataset, android apps-based dataset, IoT traffic-based dataset, and internet-connected devices-based dataset. We analyze seven deep learning models including recurrent neural networks, deep neural networks, restricted Boltzmann machines, deep belief networks, convolutional neural networks, deep Boltzmann machines, and deep autoencoders. For each model, we study the performance in two categories of classification (binary and multiclass) under two new real traffic datasets, namely, the CSE-CIC-IDS2018 dataset and the Bot-IoT dataset. In addition, we use the most important performance indicators, namely, accuracy, false alarm rate, and detection rate for evaluating the efficiency of several methods.

show abstract

Section: Public Datasetsmentioning

confidence: 99%

Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study

Ferrag

Μαγλαράς

Moschoyiannis

et al. 2020

Journal of Information Security and Applications

470

246

View full text Add to dashboard Cite

show abstract

“…This traffic was generated during the Capture the Flag (CTF) competition, and is therefore significantly different from the real world network traffic comprising mainly of attack traffic. This dataset is therefore useful in studying attacks and alert correlation techniques [79,80]. If blended with simulated benign traffic at appropriate levels it could feasibly be used more widely, however the age and skewed event distribution in the dataset makes its utility today extremely limited.…”

Section: Defcon (The Shmoo Group 2000)mentioning

confidence: 99%

Are public intrusion datasets fit for purpose characterising the state of the art in intrusion event datasets

Kenyon¹,

Deka

Elizondo

2020

Computers & Security

View full text Add to dashboard Cite

In recent years cybersecurity attacks have caused major disruption and information loss for online organisations, with high profile incidents in the news. One of the key challenges in advancing the state of the art in intrusion detection is the lack of representative datasets. These datasets typically contain millions of time-ordered events (e.g. network packet traces, flow summaries, log entries); subsequently analysed to identify abnormal behavior and specific attacks [1]. Generating realistic datasets has historically required expensive networked assets, specialised traffic generators, and considerable design preparation. Even with advances in virtualisation it remains challenging to create and maintain a representative environment. Major improvements are needed in the design, quality and availability of datasets, to assist researchers in developing advanced detection techniques. With the emergence of new technology paradigms, such as intelligent transport and autonomous vehicles, it is also likely that new classes of threat will emerge [2]. Given the rate of change in threat behavior [3] datasets become quickly obsolete, and some of the most widely cited datasets date back over two decades. Older datasets have limited value: often heavily filtered and anonymised, with unrealistic event distributions, and opaque design methodology. The relative scarcity of (Intrusion Detection System) IDS datasets is compounded by the lack of a central registry, and inconsistent information on provenance. Researchers may also find it hard to locate datasets or understand their relative merits. In addition, many datasets rely on simulation, originating from academic or government institutions. The publication process itself often creates conflicts, with the need to de-identify sensitive information in order to meet regulations such as General Data Protection Act (GDPR) [4]. Another final issue for researchers is the lack of standardised metrics with which to compare dataset quality. In this paper we attempt to classify the most widely used public intrusion datasets, providing references to archives and associated literature. We illustrate their relative utility and scope, highlighting the threat composition, formats, special features, and associated limitations. We identify best practice in dataset design, and describe potential pitfalls of designing anomaly detection techniques based on data that may be either inappropriate, or compromised due to unrealistic threat coverage. Such contributions as made in this paper is expected to facilitate continuous research and development for effectively combating the constantly evolving cyber threat landscape.

show abstract

“…The traffic produced during CTF is very different from real world network traffic since it contains mostly intrusive traffic without any normal background traffic. Due to this limitation, DEFCON dataset has been found useful only in evaluating alert correlation techniques [43].…”

Section: Defcon Datasets (2002)mentioning

confidence: 99%

Combinatorial Optimization based Feature Selection Method: A study on Network Intrusion Detection

Nazir,

Khan

2019

Preprint

View full text Add to dashboard Cite

Advancements in computer networks and communication technologies like software defined networks (SDN), Internet of things (IoT), microservices architecture, cloud computing and network function virtualization (NFV) have opened new fronts and challenges for security experts to combat against modern cyberattacks. Relying on perimeter defense and signature-based network security solutions like Intrusion Detection and Prevention Systems (IDS/IPS) have failed to deliver adequate level of security against new attack vectors such as advance persistent threats, zero days, ransomware, botnets and other forms of targeted attacks. Recent developments in machine learning and cognitive computing have shown great potential to detect unknown and new intrusion events where legacy misuse and anomaly based intrusion detection systems usually fail. In this research study we applied state of the art machine learning algorithms on UNSW-NB15 dataset for potential applicability to detect new attacks. We also proposed a novel wrapper based feature selection technique TS-RF using metaheuristic Tabu Search (TS) algorithm and Random Forest (RF) ensemble classifier. Results obtained by applying proposed feature selection technique i.e. TS-RF on UNSW-NB15 dataset show improvement in overall intrusion detection accuracy while it reduces computation complexity as it removes more than 60% features.

show abstract

A Simple Method for Improving Intrusion Detections in Corporate Networks

Cited by 11 publications

References 8 publications

Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study

Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study

Are public intrusion datasets fit for purpose characterising the state of the art in intrusion event datasets

Combinatorial Optimization based Feature Selection Method: A study on Network Intrusion Detection

Contact Info

Product

Resources

About