Exploiting N-Gram Location for Intrusion Detection

Angiulli, Fabrizio; Argento, Luciano; Furfaro, Angelo

doi:10.1109/ictai.2015.155

Cited by 13 publications

(8 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Specifically, we considered three granularities: device type, device type and make, and specific device instance. 4 We also conducted experiments to examine various special cases where verification is less successful. For example, VIA's verification performs worse in cases where nearly identical devices (i.e., devices of the same type, make, and model) exist in both the target and other classes.…”

Section: Evaluation and Resultsmentioning

confidence: 99%

“…Wireless traffic analysis systems and Intrusion Detection Systems have a long and rich history [2,4,6,11,12,16,23,25,26,29,33,35,39,48,55,58]. Generally speaking, wireless traffic analysis systems and Intrusion Detection Systems (IDS) continually monitor computers or networks, collecting data (e.g., system calls, network communication), extracting quantifiable features from this data, and applying a variety of techniques to analyze the data in search of signs of anomalies or compromise.…”

Section: Intrusion Detection Systems (Ids)mentioning

confidence: 99%

“…To model network traffic in IP-based networks, past systems have successfully used n-grams (e.g., PAYL [55], PCkAD [4]). To describe data in terms of n-grams, we adopt the definition presented by Wressnegger et al [56] and summarize it below.…”

Section: Network Traffic Modeling and Analysismentioning

confidence: 99%

“…Attempts to improve upon simple 1-gram models have shown only slight improvements. For instance, past work has shown that slightly higher detection rates, and slightly lower false-positive rates can be achieved [4], but these improvements come at the expense of increased computational complexity, or the use of additional preprocessing that imposes domain knowledge. Furthermore, Angiulli et al suggest that there is an inherent trade-off: greater values of n lead to higher false-positive rates, whereas 1-gram models have been shown to have lower detection rates (but not by much).…”

Section: Network Traffic Modeling and Analysismentioning

confidence: 99%

See 3 more Smart Citations

Recurring verification of interaction authenticity within bluetooth networks

Peters

Pierson

Sen

et al. 2021

Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks

View full text Add to dashboard Cite

Although user authentication has been well explored, device-todevice authentication -specifically in Bluetooth networks -has not seen the same attention. We propose Verification of Interaction Authenticity (VIA) -a recurring authentication scheme based on evaluating characteristics of the communications (interactions) between devices. We adapt techniques from wireless traffic analysis and intrusion-detection systems to develop behavioral models that capture typical, authentic device interactions (behavior); these models enable recurring verification of device behavior. To evaluate our approach we produced a new dataset consisting of more than 300 Bluetooth network traces collected from 20 Bluetooth-enabled smart-health and smart-home devices. In our evaluation, we found that devices can be correctly verified at a variety of granularities, achieving an F1-score of 0.86 or better in most cases. CCS CONCEPTS• Security and privacy → Mobile and wireless security; Intrusion detection systems; Multi-factor authentication.

show abstract

Section: Evaluation and Resultsmentioning

confidence: 99%

Section: Intrusion Detection Systems (Ids)mentioning

confidence: 99%

Section: Network Traffic Modeling and Analysismentioning

confidence: 99%

Section: Network Traffic Modeling and Analysismentioning

confidence: 99%

See 2 more Smart Citations

Recurring verification of interaction authenticity within bluetooth networks

Peters

Pierson

Sen

et al. 2021

Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks

View full text Add to dashboard Cite

show abstract

“…The results obtained are 100% True Positive Rate (TPR) and 0.087% False Positive rate (FPR). Angiulli, Argento and Furfaro [82] identify anomalous packets in the DARPA dataset, by dividing the payload into segments of equal length, using n-grams to learn the byte sequences that usually appear in each chunk. Using a semi-supervised approach, a model is built that associates the protocol-packet length pair.…”

Section: Discussionmentioning

confidence: 99%

Prevention and Fighting against Web Attacks through Anomaly Detection Technology. A Systematic Review

Riera

Higuera

et al. 2020

Sustainability

View full text Add to dashboard Cite

Numerous techniques have been developed in order to prevent attacks on web servers. Anomaly detection techniques are based on models of normal user and application behavior, interpreting deviations from the established pattern as indications of malicious activity. In this work, a systematic review of the use of anomaly detection techniques in the prevention and detection of web attacks is undertaken; in particular, we used the standardized method of a systematic review of literature in the field of computer science, proposed by Kitchenham. This method is applied to a set of 88 papers extracted from a total of 8041 reviewed papers, which have been published in notable journals. This paper discusses the process carried out in this systematic review, as well as the results and findings obtained to identify the current state of the art of web anomaly detection.

show abstract

A systematic literature review of cyber-security data repositories and performance assessment metrics for semi-supervised learning

et al. 2023

View full text Add to dashboard Cite

In Machine Learning, the datasets used to build models are one of the main factors limiting what these models can achieve and how good their predictive performance is. Machine Learning applications for cyber-security or computer security are numerous including cyber threat mitigation and security infrastructure enhancement through pattern recognition, real-time attack detection, and in-depth penetration testing. Therefore, for these applications in particular, the datasets used to build the models must be carefully thought to be representative of real-world data. However, because of the scarcity of labelled data and the cost of manually labelling positive examples, there is a growing corpus of literature utilizing Semi-Supervised Learning with cyber-security data repositories. In this work, we provide a comprehensive overview of publicly available data repositories and datasets used for building computer security or cyber-security systems based on Semi-Supervised Learning, where only a few labels are necessary or available for building strong models. We highlight the strengths and limitations of the data repositories and sets and provide an analysis of the performance assessment metrics used to evaluate the built models. Finally, we discuss open challenges and provide future research directions for using cyber-security datasets and evaluating models built upon them.

show abstract

Exploiting N-Gram Location for Intrusion Detection

Cited by 13 publications

References 8 publications

Recurring verification of interaction authenticity within bluetooth networks

Recurring verification of interaction authenticity within bluetooth networks

Prevention and Fighting against Web Attacks through Anomaly Detection Technology. A Systematic Review

A systematic literature review of cyber-security data repositories and performance assessment metrics for semi-supervised learning

Contact Info

Product

Resources

About