A Simple Method for Improving Intrusion Detections in Corporate Networks

Nehinbe, Joshua Ojo

doi:10.1007/978-3-642-11530-1_13

Cited by 13 publications

(6 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Attacks in DEFCON-10 dataset contains probing and non-probing attacks (e.g., bad packet, ports scan, port sweeps, etc.). Both versions are used by Nehinbe Ojo Joshua [80] for reclassifying network intrusions.…”

Section: Public Datasetsmentioning

confidence: 99%

Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study

Ferrag

Μαγλαράς

Moschoyiannis

et al. 2020

Journal of Information Security and Applications

497

291

View full text Add to dashboard Cite

In this paper, we present a survey of deep learning approaches for cyber security intrusion detection, the datasets used, and a comparative study. Specifically, we provide a review of intrusion detection systems based on deep learning approaches. The dataset plays an important role in intrusion detection, therefore we describe 35 well-known cyber datasets and provide a classification of these datasets into seven categories; namely, network traffic-based dataset, electrical network-based dataset, internet traffic-based dataset, virtual private network-based dataset, android apps-based dataset, IoT traffic-based dataset, and internet-connected devices-based dataset. We analyze seven deep learning models including recurrent neural networks, deep neural networks, restricted Boltzmann machines, deep belief networks, convolutional neural networks, deep Boltzmann machines, and deep autoencoders. For each model, we study the performance in two categories of classification (binary and multiclass) under two new real traffic datasets, namely, the CSE-CIC-IDS2018 dataset and the Bot-IoT dataset. In addition, we use the most important performance indicators, namely, accuracy, false alarm rate, and detection rate for evaluating the efficiency of several methods.

show abstract

Section: Public Datasetsmentioning

confidence: 99%

Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study

Ferrag

Μαγλαράς

Moschoyiannis

et al. 2020

Journal of Information Security and Applications

497

291

View full text Add to dashboard Cite

show abstract

“…The available public datasets, encompassing a broad spectrum of devices and setups, are classified into seven categories: Internet-connected devices, electrical networks, virtual private networks, Android applications, Internet traffic, IoT traffic, and network traffic. The most prominent of these datasets include DARPA [34], KDDCup99 [54], NSL-KDD [54], Kyoto [52], UNSW-NB15 [41], CIC-IDS2017 [50], CSE-CIC-IDS2018 [50], WSN-DS [11], DEFCON [44], CAIDA [3], CDX [2], CIC DoS [4], ISCX [5], ADFA2013 [1], TON_IoT [40], MAWI [6].…”

Section: Prior Researchmentioning

confidence: 99%

Autonomous Federated Learning for Distributed Intrusion Detection Systems in Public Networks

Mahmoodi,

Sheikhi,

Peltonen

et al. 2023

IEEE Access

View full text Add to dashboard Cite

The rapid integration of IoT, cloud, and edge computing has resulted in highly interconnected networks, emphasizing the need for advanced Intrusion Detection Systems (IDS) to maintain security. Successful AI-based IDS relies on high-quality data for model training. Even though a vast array of datasets from controlled settings are accessible, many fall short as they are outdated and lack the representative data of network traffic dynamics typically seen in public networks. This paper aims to advance understanding in designing testbed architectures for defense mechanisms within public networks. At its core, this research introduces a unique testbed utilizing the connectivity of panOULU Municipal public network in the city of Oulu, Finland. This experimental setup examines AI-driven security across the public network. It utilizes edge-to-cloud infrastructures, incorporating Software-Defined Networking (SDN) and Network Function Virtualization (NFV) via the VMware vSphere platform. During the training phase, a script distinguishes incoming packets as either benign or malicious based on well-defined local parameters and simulated attack scenarios. This labeled data is then utilized for training machine learning models within the Federated Learning framework, FED-ML. Subsequently, these models are evaluated on previously unseen data. The entire procedure, from traffic gathering to model training, operates without human involvement. The evaluation dataset and testbed configuration we have made publicly available through this research can deepen our understanding of the challenges in safeguarding public networks, especially those that blend various technologies in diverse environments.

show abstract

“…This traffic was generated during the Capture the Flag (CTF) competition, and is therefore significantly different from the real world network traffic comprising mainly of attack traffic. This dataset is therefore useful in studying attacks and alert correlation techniques [79,80]. If blended with simulated benign traffic at appropriate levels it could feasibly be used more widely, however the age and skewed event distribution in the dataset makes its utility today extremely limited.…”

Section: Defcon (The Shmoo Group 2000)mentioning

confidence: 99%

Are public intrusion datasets fit for purpose characterising the state of the art in intrusion event datasets

Kenyon¹,

Deka

Elizondo

2020

Computers & Security

View full text Add to dashboard Cite

In recent years cybersecurity attacks have caused major disruption and information loss for online organisations, with high profile incidents in the news. One of the key challenges in advancing the state of the art in intrusion detection is the lack of representative datasets. These datasets typically contain millions of time-ordered events (e.g. network packet traces, flow summaries, log entries); subsequently analysed to identify abnormal behavior and specific attacks [1]. Generating realistic datasets has historically required expensive networked assets, specialised traffic generators, and considerable design preparation. Even with advances in virtualisation it remains challenging to create and maintain a representative environment. Major improvements are needed in the design, quality and availability of datasets, to assist researchers in developing advanced detection techniques. With the emergence of new technology paradigms, such as intelligent transport and autonomous vehicles, it is also likely that new classes of threat will emerge [2]. Given the rate of change in threat behavior [3] datasets become quickly obsolete, and some of the most widely cited datasets date back over two decades. Older datasets have limited value: often heavily filtered and anonymised, with unrealistic event distributions, and opaque design methodology. The relative scarcity of (Intrusion Detection System) IDS datasets is compounded by the lack of a central registry, and inconsistent information on provenance. Researchers may also find it hard to locate datasets or understand their relative merits. In addition, many datasets rely on simulation, originating from academic or government institutions. The publication process itself often creates conflicts, with the need to de-identify sensitive information in order to meet regulations such as General Data Protection Act (GDPR) [4]. Another final issue for researchers is the lack of standardised metrics with which to compare dataset quality. In this paper we attempt to classify the most widely used public intrusion datasets, providing references to archives and associated literature. We illustrate their relative utility and scope, highlighting the threat composition, formats, special features, and associated limitations. We identify best practice in dataset design, and describe potential pitfalls of designing anomaly detection techniques based on data that may be either inappropriate, or compromised due to unrealistic threat coverage. Such contributions as made in this paper is expected to facilitate continuous research and development for effectively combating the constantly evolving cyber threat landscape.

show abstract

A Simple Method for Improving Intrusion Detections in Corporate Networks

Cited by 13 publications

References 8 publications

Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study

Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study

Autonomous Federated Learning for Distributed Intrusion Detection Systems in Public Networks

Are public intrusion datasets fit for purpose characterising the state of the art in intrusion event datasets

Contact Info

Product

Resources

About