An Anomaly-Based IDS Framework Using Centroid-Based Classification

Lin, Iuon-Chang; Chang, Ching-Chun; Peng, Chih-Hsiang

doi:10.3390/sym14010105

Cited by 6 publications

(4 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…It starts with a general overview of the framework, followed by a detailed explanation of how each component works. The AW updates the applicable ruleset, monitors the performance of the LID, and updates the MAD after a successful reconfiguration [24]. The MAD handles the reconfiguration of multiple LIDs, manages their lifecycle, and collects performance metrics.…”

Section: G Self-adaptable System For Intrusion Detection In Iaasmentioning

confidence: 99%

“…LIDs are deployed on separate nodes and are used to collect and analyze network packets, either using anomaly-based or signature-based techniques. The AW updates the applicable ruleset, monitors the performance of the LID, and updates the MAD after a successful reconfiguration[24]. The MAD handles the reconfiguration of multiple LIDs, manages their lifecycle, and collects performance metrics.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Self-Adapting Security Monitoring in Eucalyptus Cloud Environment

Mahmood¹,

Yahaya²,

Rakhshandeh³

et al. 2023

IJACSA

View full text Add to dashboard Cite

This paper discusses the importance of virtual machine (VM) scheduling strategies in cloud computing environments for handling the increasing number of tasks due to virtualization and cloud computing technology adoption. The paper evaluates legacy methods and specific VM scheduling algorithms for the Eucalyptus cloud environment and compare existing algorithms using QoS. The paper also presents a selfadapting security monitoring system for cloud infrastructure that takes into account the specific monitoring requirements of each tenant. The system uses Master Adaptation Drivers to convert tenant requirements into configuration settings and the Adaptation Manager to coordinate the adaptation process. The framework ensures security, cost efficiency, and responsiveness to dynamic events in the cloud environment. The paper also presents the need for improvement in the current security monitoring platform to support more types of monitoring devices and cover the consequences of multi-tenant setups. Future work includes incorporating log collectors and aggregators and addressing the needs of a super-tenant in the security monitoring architecture. The equitable sharing of monitoring resources between tenants and the provider should be established with an adjustable threshold mentioned in the SLA. The results of experiments show that Enhanced Round-Robin uses less energy compared to other methods, and the Fusion Method outperforms other techniques by reducing the number of Physical Machines turned on and increasing power efficiency.

show abstract

Section: G Self-adaptable System For Intrusion Detection In Iaasmentioning

confidence: 99%

mentioning

confidence: 99%

Self-Adapting Security Monitoring in Eucalyptus Cloud Environment

Mahmood¹,

Yahaya²,

Rakhshandeh³

et al. 2023

IJACSA

View full text Add to dashboard Cite

show abstract

“…In this study, we present five standard binary classifiers: the k-Nearest Neighbor (k-NN), weighted k-NN (wk-NN), DT, SVM, and Feedforward Neural Network (FNN). A k-NN is the most well-known distance-based algorithm that assigns a new instance to a class to which most of its k nearest neighbors belong [12,13]. A k-NN model with k = 10 and a similarity measure is based on Euclidean distance because of its robustness to noisy data, flexibility, and easy implementation [14].…”

Section: Introductionmentioning

confidence: 99%

Cybersecurity in Smart Cities: Detection of Opposing Decisions on Anomalies in the Computer Network Behavior

et al. 2022

View full text Add to dashboard Cite

The increased use of urban technologies in smart cities brings new challenges and issues. Cyber security has become increasingly important as many critical components of information and communication systems depend on it, including various applications and civic infrastructures that use data-driven technologies and computer networks. Intrusion detection systems monitor computer networks for malicious activity. Signature-based intrusion detection systems compare the network traffic pattern to a set of known attack signatures and cannot identify unknown attacks. Anomaly-based intrusion detection systems monitor network traffic to detect changes in network behavior and identify unknown attacks. The biggest obstacle to anomaly detection is building a statistical normality model, which is difficult because a large amount of data is required to estimate the model. Supervised machine learning-based binary classifiers are excellent tools for classifying data as normal or abnormal. Feature selection and feature scaling are performed to eliminate redundant and irrelevant data. Of the 24 features of the Kyoto 2006+ dataset, nine numerical features are considered essential for model training. Min-Max normalization in the range [0,1] and [−1,1], Z-score standardization, and new hyperbolic tangent normalization are used for scaling. A hyperbolic tangent normalization is based on the Levenberg-Marquardt damping strategy and linearization of the hyperbolic tangent function with a narrow slope gradient around zero. Due to proven classification ability, in this study we used a feedforward neural network, decision tree, support vector machine, k-nearest neighbor, and weighted k-nearest neighbor models Overall accuracy decreased by less than 0.1 per cent, while processing time was reduced by more than a two-fold reduction. The results show a clear benefit of the TH scaling regarding processing time. Regardless of how accurate the classifiers are, their decisions can sometimes differ. Our study describes a conflicting decision detector based on an XOR operation performed on the outputs of two classifiers, the fastest feedforward neural network, and the more accurate but slower weighted k-nearest neighbor model. The results show that up to 6% of different decisions are detected.

show abstract

“…IDS sendiri terbagi menjadi dua tipe yaitu signature-based dan anomaly-based, anomalybased mengklasifikasikan serangan dengan membandingkan paket, apabila paket dirasa tidak normal maka paket akan diklasifikasi sebagai serangan. berbeda dengan anomaly-based, signature-based membandingkan paket data dengan data serangan yang telah diidentifikasi sebelumnya, sehingga anomaly-based memiliki kelebihan dapat menganalisis serangan yang tidak dikenali sebelumnya [4]. Deteksi anomali dapat dimanfaatkan untuk mengenali serangan dari pengalaman untuk mendeteksi perilaku yang tidak normal dari pengguna [5].…”

unclassified

Deteksi Dini Serangan Pada Website Menggunakan Metode Anomali Based

Fariadi¹,

Islami²

2022

JIKO

View full text Add to dashboard Cite

Website merupakan sebuah sarana dalam mengakses informasi kapanpun dan dimanapun selain itu website juga merupakan media yang digunakan untuk memasarkan produk, mempresentasikan citra perusahaan maupun instansi sehingga perlu di jaga keamanannya, tingginya minat pada website dapat meningkatkan resiko website dari serangan pihak yang tidak bertanggung jawab (bad actors). Serangan pada website dapat mengganggu intergritas data (integrity) dan ketersediaan data (availability), untuk itu penelitian ini akan membangun sistem yang dapat mendeteksi dan melakukan antisipasi serangan dengan meggunakan metode anomali based yang akan mendeteksi serangan berdasarkan perilaku visitor website dan mengantisipasi serangan tersebut secara otomatis dengan memblokir IP Address pengguna, ketika mendeteksi serangan sistem akan menghitung beberapa variable yaitu jumlah error 404 (not found) yang didapatkan dari catatan pengunjung (log visitor), pengunjung dianggap sebuah anomali apabila pengunjung melakukan hal yang tidak wajar yaitu melebihi batas error 404 yang di tentukan dengan melakukan kalkulasi rata-rata error 404 dalam satu hari, apabila terdapat pengguna yang melakukan error 404 melebihi rata-rata maka IP Address pengguna akan di blokir. Berdasarkan pengujian yang dilakukan dengan menggunakan metode penetration testing, sistem deteksi menggunakan metode anomali based dapat mendeteksi serangan dengan baik.

show abstract

An Anomaly-Based IDS Framework Using Centroid-Based Classification

Cited by 6 publications

References 29 publications

Self-Adapting Security Monitoring in Eucalyptus Cloud Environment

Self-Adapting Security Monitoring in Eucalyptus Cloud Environment

Cybersecurity in Smart Cities: Detection of Opposing Decisions on Anomalies in the Computer Network Behavior

Deteksi Dini Serangan Pada Website Menggunakan Metode Anomali Based

Contact Info

Product

Resources

About