Autonomic intrusion detection: Adaptively detecting anomalies over unlabeled audit data streams in computer networks

Wang, Wei; Guyet, Thomas; Quiniou, René; Cordier, Marie-Odile; Masséglia, Florent; Zhang, Xiangliang

doi:10.1016/j.knosys.2014.06.018

Cited by 86 publications

(36 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In both the ls-and sl-methods, the extracted traffic data is used for training a baseline model. Although some auto-labeling techniques based on machine learning theory [21] can be also used to correct/prevent human errors, such techniques needs higher processing cost than time-periodic packet sampling. The proposed methods in this paper enable us to correct/prevent human errors with lower processing cost.…”

Section: Procedures Of Proposed Methodsmentioning

confidence: 99%

Human error tolerant anomaly detection based on time-periodic packet sampling

Uchida

2016

Knowledge-Based Systems

View full text Add to dashboard Cite

Section: Procedures Of Proposed Methodsmentioning

confidence: 99%

Human error tolerant anomaly detection based on time-periodic packet sampling

Uchida

2016

Knowledge-Based Systems

View full text Add to dashboard Cite

“…The analysis of subject behavior over the unlabeled HTTP streams is required in IDS. Wang et al [22] employed Affinity Propagation (AP) algorithm to learn the subject's behavior in dynamic clustering. The data classification, human interaction, deficiency in labeled data were the important issues in NIDS.…”

Section: Related Workmentioning

confidence: 99%

A Fusion of Multiagent Functionalities for Effective Intrusion Detection System

Sadhasivan¹,

Kannapiran²

2017

Security and Communication Networks

View full text Add to dashboard Cite

Provision of high security is one of the active research areas in the network applications. The failure in the centralized system based on the attacks provides less protection. Besides, the lack of update of new attacks arrival leads to the minimum accuracy of detection. The major focus of this paper is to improve the detection performance through the adaptive update of attacking information to the database. We propose an Adaptive Rule-Based Multiagent Intrusion Detection System (ARMA-IDS) to detect the anomalies in the real-time datasets such as KDD and SCADA. Besides, the feedback loop provides the necessary update of attacks in the database that leads to the improvement in the detection accuracy. The combination of the rules and responsibilities for multiagents effectively detects the anomaly behavior, misuse of response, or relay reports of gas/water pipeline data in KDD and SCADA, respectively. The comparative analysis of the proposed ARMA-IDS with the various existing path mining methods, namely, random forest, JRip, a combination of AdaBoost/JRip, and common path mining on the SCADA dataset conveys that the effectiveness of the proposed ARMA-IDS in the real-time fault monitoring. Moreover, the proposed ARMA-IDS offers the higher detection rate in the SCADA and KDD cup 1999 datasets.

show abstract

“…Since attackers have become more sophisticated and utilized more advanced web attack toolkits, the detection model might become obsolete and outdated, incapable of detecting the latest malicious queries in web attacks. Previous adaptive attack detection methods [16][17][18] are designed for network intrusions and are not applicable to web attacks. A practical solution for keeping the web attack detection model constantly updated is to incorporate the latest important queries, including informative benign queries and representative malicious queries.…”

Section: Introductionmentioning

confidence: 99%

An adaptive system for detecting malicious queries in web attacks

Dong

Zhang

et al. 2018

Sci. China Inf. Sci.

View full text Add to dashboard Cite

Web request query strings (queries), which pass parameters to the referenced resource, are always manipulated by attackers to retrieve sensitive data and even take full control of victim web servers and web applications. However, existing malicious query detection approaches in the current literature cannot cope with changing web attacks with constant detection models. In this paper, we propose AMODS, an adaptive system that periodically updates the detection model to detect the latest unknown attacks. We also propose an adaptive learning strategy, called SVM HYBRID, leveraged by our system to minimize manual work. In the evaluation, an up-to-date detection model is trained on a ten-day query dataset collected from an academic institute's web server logs. Our system outperforms existing web attack detection methods, with an F-value of 94.79% and FP rate of 0.09%. The total number of malicious queries obtained by SVM HYBRID is 2.78 times that by the popular Support Vector Machine Adaptive Learning (SVM AL) method. The malicious queries obtained can be used to update the Web Application Firewall (WAF) signature library.

show abstract

Autonomic intrusion detection: Adaptively detecting anomalies over unlabeled audit data streams in computer networks

Cited by 86 publications

References 42 publications

Human error tolerant anomaly detection based on time-periodic packet sampling

Human error tolerant anomaly detection based on time-periodic packet sampling

A Fusion of Multiagent Functionalities for Effective Intrusion Detection System

An adaptive system for detecting malicious queries in web attacks

Contact Info

Product

Resources

About