Detecting attack signatures in the real network traffic with ANNIDA

Silva, Lília de Sá; Santos, Adriana C. Ferrari dos; Mancilha, Thiago Dias; Silva, José Demísio Simíes da; Montes, Agustín

doi:10.1016/j.eswa.2007.03.011

Cited by 20 publications

(9 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Most of the mechanisms proposed so far for detection of flood attacks are signature‐based, therefore they are unable to detect the unknown attacks and results with high‐false acceptance rate . These limitations motivated the research community to propose anomaly based intelligent detection mechanisms that result in low‐false rates .…”

Section: Related Workmentioning

confidence: 99%

“…If a new type of flooding attack is determined, a new classifier is allocated to the new attack traffic and added into the trained ensemble without retraining of the whole ensemble. Most of the mechanisms proposed so far for detection of flood attacks are signature-based, therefore they are unable to detect the unknown attacks and results with highfalse acceptance rate [26,27]. These limitations motivated the research community to propose anomaly based intelligent detection mechanisms that result in low-false rates [28,29].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Distributed flood attack detection mechanism using artificial neural network in wireless mesh networks

Khan

Shams

et al. 2015

Security Comm Networks

View full text Add to dashboard Cite

Multi-hop wireless mesh networks (WMNs) are increasingly growing interest as a promising technology for high-speed network access. WMNs are integrated with other networks such as Internet, sensor networks, and cellular networks through gateways. Therefore gateways in WMNs are prone to various security threads and can be easily exploited by the attacker from any part of the Internet to launch a distributed flooding attack to compromise computer systems, affect the network performance, and destruct the services. Many approaches have been proposed by researchers in this regard but still more efforts are needed in terms of accuracy and efficiency. In this research paper, we will propose an artificial neural network-based technique for detection of distributed flooding attacks to things such as sensors or actuators in WMNs called the distributed flood attack detector. In our simulation, sample dataset used to train and test the artificial neural network is generated using NS-2 network simulator. Simulation results and real system implementation proved that the distributed flood attack detector can be used in a real network environment to detect the intermediate and severe distributed flood attacks with low-false positive and false-negative rates.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Distributed flood attack detection mechanism using artificial neural network in wireless mesh networks

Khan

Shams

et al. 2015

Security Comm Networks

View full text Add to dashboard Cite

show abstract

“…By undergoing this kind of attempts, catastrophic failures of susceptible systems can be reduced. Detection stability and detection precision are two key indicators used to evaluate IDS (Intrusion Detection System) [26]. Many of the IDS research studies have been done in order to improve the detection stability and detection precision [22].…”

Section: Introductionmentioning

confidence: 99%

Intrusion Detection System (IDS): Anomaly Detection Using Outlier Detection Approach

Jabez

Muthukumar

2015

Procedia Computer Science

130

View full text Add to dashboard Cite

An Intrusion Detection System (IDS) is a software application or device that monitors the system or activities of network for policy violations or malicious activities and generates reports to the management system. A number of systems may try to prevent an intrusion attempt but this is neither required nor expected of a monitoring system. The main focus of Intrusion detection and prevention systems (IDPS) is to identify the possible incidents, logging information about them and in report attempts. In addition, organizations use IDPS for other purposes, like identifying problems with security policies, deterring individuals and documenting existing threats from infringing security policies. IDPS have become an essential addition to the security infrastructure of nearly every organization. Various methods can be used to detect intrusions but each one is specific to a specific method. The main goal of an intrusion detection system is to detect the attacks efficiently. Furthermore, it is equally important to detect attacks at a beginning stage in order to reduce their impacts. This research work proposed a new approach called outlier detection where, the anomaly dataset is measured by the Neighborhood Outlier Factor (NOF). Here, trained model consists of big datasets with distributed storage environment for improving the performance of Intrusion Detection system. The experimental results proved that the proposed approach identifies the anomalies very effectively than any other approaches.

show abstract

“…Especificamente para redes de computadores, têm-se os Sistemas de Detecção de Intrusão de Rede (SDIR) [31], que utilizam informações coletadas em uma rede ou segmento de rede para identificar ataques que estejam ocorrendo ou que já tenham ocorrido. Para a análise dos dados coletados da rede, os SDIR usam principalmente [20] a abordagem baseada em assinaturas [39] e a abordagem baseada em anomalias [21], ambas apresentando suas peculiaridades e limitações. A abordagem baseada em assinaturas [20] requer um conhecimento prévio a respeito da forma como cada ataque a uma rede ocorre, ou seja, sua assinatura.…”

Section: Introductionunclassified

Detecção de Anomalias em Redes de Computadores e o uso de Wavelets

Perlin¹,

Nunes²,

Kozakevicius³

2011

RBCA

View full text Add to dashboard Cite

Resumo: Ataques em redes de computadores comprometem a segurança do sistema e degradam o desempenho da rede, causando prejuízos aos usuários e às organizações. Sistemas Detectores de Intrusões de Rede são usados para a detecção de ataques ou outras atividades maliciosas por meio da análise do tráfego. A detecção de anomalias é uma abordagem de análise usada na detecção de intrusões, na qual se assume que a presença de anomalias no tráfego, desvios em relação a um comportamento padrão, seja indicativo de um ataque ou defeito. Uma das principais dificuldades dos Sistemas de Detecção de Intrusão de Rede baseados em anomalias está na construção do perfil devido à complexidade do tráfego de rede. Métodos derivados da Análise de Sinais, dentre os quais a transformada wavelet, têm recentemente demonstrado aplicabilidade na detecção de anomalias de rede. Esse artigo apresenta os conceitos fundamentais de detecção de intrusão, bem como conceitos recentes relacionados à detecção por anomalias através de transformadas wavelet, uma técnica com capacidade de análise em multirresolução e baixa complexidade computacional. Palavras-chave: Detecção de intrusões. Anomalias. Ataques. Wavelet. Segurança da informação.

show abstract

Detecting attack signatures in the real network traffic with ANNIDA

Cited by 20 publications

References 7 publications

Distributed flood attack detection mechanism using artificial neural network in wireless mesh networks

Distributed flood attack detection mechanism using artificial neural network in wireless mesh networks

Intrusion Detection System (IDS): Anomaly Detection Using Outlier Detection Approach

Detecção de Anomalias em Redes de Computadores e o uso de Wavelets

Contact Info

Product

Resources

About