Correlation Analysis Between Honeypot Data and IDS Alerts Using One-class SVM

Song, Jungsuk; Takakura, Hiroki; Okabe, Yasuo; Kwon, Yongjin

doi:10.5772/13951

Cited by 11 publications

(11 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The dataset is based on different attack scenarios. However, it is different from real world network traffic because over 40% of the dataset contains attacks, whereas the ratio of real world attacks is estimated to be approximately 1% [29].…”

Section: A Real Ids Datasetmentioning

confidence: 99%

“…As a result, the following 10 features remained in the ISCX dataset: application name (a1), total source bytes (a2), total destination bytes (a3), total destination packets (a4), total source packets (a5), direction (a6), source TCP flag description (a7), destination TCP flag description (a8), protocol name (a9), and duration (a10). We removed repeated datasets and obtained a dataset (Table 8) with a 1.21% attack rate, which is similar to the ratio of real network communication [29]. Training and testing datasets are formed by the ISCX dataset in the ratios of 60% and 40%, respectively.…”

Section: Preprocessingmentioning

confidence: 99%

“…On the other hand, normal traffic is generated through mail servers that were deployed into the same network with honeypots. Even though the mail server received small amount of attacks, they were considered as normal traffic [29]. The Kyoto dataset is considered a worthwhile dataset for the research community.…”

Section: A Real Ids Datasetmentioning

confidence: 99%

“…Because real world network communications usually contain less than 1% attack [29], we concentrated on datasets whose attack rate is close to 1%. DefCon [31] contains only attacks that are created for competitions that are conducted yearly.…”

Section: A Real Ids Datasetmentioning

confidence: 99%

See 3 more Smart Citations

Design of Multilevel Hybrid Classifier with Variant Feature Sets for Intrusion Detection System

Akyol

Hacıbeyoğlu

Karlık

2016

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYWith the increase of network components connected to the Internet, the need to ensure secure connectivity is becoming increasingly vital. Intrusion Detection Systems (IDSs) are one of the common security components that identify security violations. This paper proposes a novel multilevel hybrid classifier that uses different feature sets on each classifier. It presents the Discernibility Function based Feature Selection method and two classifiers involving multilayer perceptron (MLP) and decision tree (C4.5). Experiments are conducted on the KDD'99 Cup and ISCX datasets, and the proposal demonstrates better performance than individual classifiers and other proposed hybrid classifiers. The proposed method provides significant improvement in the detection rates of attack classes and Cost Per Example (CPE) which was the primary evaluation method in the KDD'99

show abstract

Section: A Real Ids Datasetmentioning

confidence: 99%

Section: Preprocessingmentioning

confidence: 99%

Section: A Real Ids Datasetmentioning

confidence: 99%

Section: A Real Ids Datasetmentioning

confidence: 99%

See 2 more Smart Citations

Design of Multilevel Hybrid Classifier with Variant Feature Sets for Intrusion Detection System

Akyol

Hacıbeyoğlu

Karlık

2016

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

show abstract

“…They were able to identify several types of botnets based on those features. Other authors employed Significant Event Discovery (Buda & Bluemke, 2016), Long-Range Dependency (Zhan & Xu, 2013), Support Vector Machines (Song et al, 2011), Principal Components Analysis (Sharma & Mandeep, 2010;Almotairi, 2009), Symbolic Aggregate Approximation (Thonnard & Dacier, 2008) and feature correlation (Pham & Dacier, 2011). All of them indicate that the forensic examination of honeypot data is executable by standard data mining techniques.…”

Section: Background and Related Workmentioning

confidence: 99%

YAAS – On the Attribution of Honeypot Data

Fraunholz¹,

Krohmer²,

Antón³

et al. 2017

IJCSA

View full text Add to dashboard Cite

One of the major issues in digital forensics and attack analysis is the attribution of an attack to a type of malicious adversary. This is especially important to determine the relevance of an incident with respect to the threat it poses to a system. In this work, a holistic scheme to derive characteristics from honeypot data and to map this data to an attacker model is introduced. This scheme takes data that is provided by deception systems of any kind. After that, characteristics are derived that describe different attributes of an attacker. Those are used to categorise threats into one of nine attacker classes. This scheme has been evaluated with real world honeypot data. As expected, most attacks are rather harmless, but a few outliers have been identified.

show abstract

Ensemble approach for network threat detection and classification on cloud computing

Krishnaveni¹,

Prabakaran

2019

Concurrency and Computation

View full text Add to dashboard Cite

Summary As Network traffic rises and attacks become more widespread and complicated, we must come across Innovative ways to enrich Intrusion Detection Systems in Cloud Computing. This paper proposes the Ensemble approaches for Network Intrusion Detection and Classification in Cloud. The major aids of the Ensemble Learning to improve the outcome of each Machine Learning Algorithms and to get a robust Classifier. Real Time Malicious Network Streams Samples were collected using Honeynet, which is deployed on cloud environment. We use supervised learning and Unsupervised learning algorithms for classifying the known malicious network streams and unknown malicious streams. Network related attacks can be segregated into four classes, namely, Denial of service (DOS), User to root (U2 R), Remote to local (R2L), and probe, and the vital constraints that must be overcome with the end goal to build efficient Intelligent Intrusion Detection. The motivation behind the proposed work is to enhance the accuracy rate with response time. The outcome obtained from the Ensemble method has better accuracy rate compared to the SVM, Naive Bayes, and Logistic regression method.

show abstract

Correlation Analysis Between Honeypot Data and IDS Alerts Using One-class SVM

Cited by 11 publications

References 34 publications

Design of Multilevel Hybrid Classifier with Variant Feature Sets for Intrusion Detection System

Design of Multilevel Hybrid Classifier with Variant Feature Sets for Intrusion Detection System

YAAS – On the Attribution of Honeypot Data

Ensemble approach for network threat detection and classification on cloud computing

Contact Info

Product

Resources

About