Host-based Intrusion Detection Using Signature-based and AI-driven Anomaly Detection Methods

Panagiotou, Panos; Mengidis, Notis; Tsikrika, Theodora; Vrochidis, Stefanos; Kompatsiaris, Ioannis

doi:10.11610/isij.5016

Cited by 11 publications

(18 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Examining cyberthreat trends and patterns necessitates thoroughly comprehending deception networks, honeypots, and decoy systems [6,11,12]. These systems are instrumental in intelligence gathering and serve as deterrents to cyberattacks, and have shown effectiveness in monitoring network traffic and identifying potential threats [6,[11][12][13].…”

Section: Introduction 1the Problemmentioning

confidence: 99%

Cyberpsychology: A Longitudinal Analysis of Cyber Adversarial Tactics and Techniques

Rich

2023

Analytics

View full text Add to dashboard Cite

The rapid proliferation of cyberthreats necessitates a robust understanding of their evolution and associated tactics, as found in this study. A longitudinal analysis of these threats was conducted, utilizing a six-year data set obtained from a deception network, which emphasized its significance in the study’s primary aim: the exhaustive exploration of the tactics and strategies utilized by cybercriminals and how these tactics and techniques evolved in sophistication and target specificity over time. Different cyberattack instances were dissected and interpreted, with the patterns behind target selection shown. The focus was on unveiling patterns behind target selection and highlighting recurring techniques and emerging trends. The study’s methodological design incorporated data preprocessing, exploratory data analysis, clustering and anomaly detection, temporal analysis, and cross-referencing. The validation process underscored the reliability and robustness of the findings, providing evidence of increasingly sophisticated, targeted cyberattacks. The work identified three distinct network traffic behavior clusters and temporal attack patterns. A validated scoring mechanism provided a benchmark for network anomalies, applicable for predictive analysis and facilitating comparative study of network behaviors. This benchmarking aids organizations in proactively identifying and responding to potential threats. The study significantly contributed to the cybersecurity discourse, offering insights that could guide the development of more effective defense strategies. The need for further investigation into the nature of detected anomalies was acknowledged, advocating for continuous research and proactive defense strategies in the face of the constantly evolving landscape of cyberthreats.

show abstract

Section: Introduction 1the Problemmentioning

confidence: 99%

Cyberpsychology: A Longitudinal Analysis of Cyber Adversarial Tactics and Techniques

Rich

2023

Analytics

View full text Add to dashboard Cite

show abstract

“…The sophistication of cyber intrusion techniques has grown significantly in the last ten years. This poses ever greater challenges for traditional IDS detection methods [52]. Intrusion detection methods are beneficial in guaranteeing that network administrators are correctly alerted to dangerous events [7].…”

Section: Discussionmentioning

confidence: 99%

“…The delimitation of this study was investigating signature-based intrusion detection systems. These systems match patterns to identify known attacks [52].…”

Section: Limitations and Implicationsmentioning

confidence: 99%

Comparing Metaheuristic Search Techniques in Addressing the Effectiveness of Clustering-Based DDoS Attack Detection Methods

Zeinalpour,

McElroy

2024

Electronics

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks have increased in frequency and sophistication over the last ten years. Part of the challenge of defending against such attacks requires the analysis of very large volumes of data. Metaheuristic algorithms can assist in selecting relevant features from the network traffic data for use in DDoS detection models. By efficiently exploring different combinations of features, these methods can identify subsets that are informative for distinguishing between normal and attack traffic. However, identifying an optimized solution in this area is an open research question. Tuning the parameters of metaheuristic search techniques in the optimization process is critical. In this study, a switching approximation is used in a variety of metaheuristic search techniques. This approximation is used to find the best solution for the analysis of the network traffic features in either lower or upper values between 0 and 1. We compare the fine-tuning of this parameter against standard approaches and find that it is not substantially better than the BestFirst algorithm (a standard default approach for feature selection). This study contributes to the literature by testing and eliminating various fine-tuning strategies for the metaheuristic approach.

show abstract

“…In modern linked world, NIDSs are imperative for protecting the accessibility, security, and reliability of data [4]. The two primary types of methods used by NIDSs to do this are signature-based detection and anomaly-based detection [5]. In order to be very effective in recognizing assaults using widely recognized signatures and structures, signature-based NIDSs rely on predefined attack patterns [6].…”

Section: Introductionmentioning

confidence: 99%

Optimizing Network Intrusion Detection with a Hybrid Adaptive Neuro Fuzzy Inference System and AVO-based Predictive Analysis

Pawar,

Gadde

et al. 2023

IJACSA

View full text Add to dashboard Cite

Protecting data and computer systems, as well as preserving the accessibility, integrity, and confidentiality of vital information in the face of constantly changing cyberthreats, requires the vital responsibility of detecting network intrusions. Existing intrusion detection models have limits in properly capturing and interpreting complex patterns in network behavior, which frequently leads to difficulties in robust feature selection and a lack of overall intrusion detection accuracy. The drawbacks of current methods are addressed by a unique approach to network intrusion detection presented in this paper. This framework discusses the difficulties presented by changing cyberthreats and the critical requirement for efficient intrusion detection in a society growing more networked by the day. Using a Hybrid Adaptive Neuro Fuzzy Inference System and African Vulture Optimization model with Min-Max normalization and data cleaning on the NSL-KDD dataset, the methodology outlined here overcomes issues with complex network behavior patterns and improves feature selection for precise identification of potential security threats. This approach meets the need for an effective intrusion detection system. Python software is used to implement the suggested model since it is flexible and reliable. The results show a notable improvement in accuracy, with the Hybrid Adaptive Neuro Fuzzy Inference System and African Vulture Optimization model surpassing previous approaches significantly and obtaining an exceptional accuracy rate of 99.3%. The accuracy of the proposed model was improved by African Vulture Optimization, rising from 99.2% to 99.3%. When compared to Artificial Neural Network (78.51%), Random Forest (92.21%), and Linear Support Vector Machine (97.4%), this amazing improvement is clear. When compared to other techniques, the suggested model exhibits an average accuracy gain of about 20.79%.

show abstract

Host-based Intrusion Detection Using Signature-based and AI-driven Anomaly Detection Methods

Cited by 11 publications

References 28 publications

Cyberpsychology: A Longitudinal Analysis of Cyber Adversarial Tactics and Techniques

Cyberpsychology: A Longitudinal Analysis of Cyber Adversarial Tactics and Techniques

Comparing Metaheuristic Search Techniques in Addressing the Effectiveness of Clustering-Based DDoS Attack Detection Methods

Optimizing Network Intrusion Detection with a Hybrid Adaptive Neuro Fuzzy Inference System and AVO-based Predictive Analysis

Contact Info

Product

Resources

About