Intelligent Cyber-Attack Detection and Classification for Network-based Intrusion Detection Systems

Oliveira, Nuno; Praça, Isabel; Maia, Eva; Sousa, Orlando

doi:10.20944/preprints202012.0315.v1

Cited by 6 publications

(10 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The key purpose of IDS is to detect unwanted traffic in the network that could be a potential attack [ 50 ]. There are two main types of detection techniques [ 51 ]: misuse detection and anomaly detection.…”

Section: Intrusion Detectionmentioning

confidence: 99%

Multivariable Heuristic Approach to Intrusion Detection in Network Environments

Niemiec

Kościej

Gdowski

2021

Entropy

View full text Add to dashboard Cite

The Internet is an inseparable part of our contemporary lives. This means that protection against threats and attacks is crucial for major companies and for individual users. There is a demand for the ongoing development of methods for ensuring security in cyberspace. A crucial cybersecurity solution is intrusion detection systems, which detect attacks in network environments and responds appropriately. This article presents a new multivariable heuristic intrusion detection algorithm based on different types of flags and values of entropy. The data is shared by organisations to help increase the effectiveness of intrusion detection. The authors also propose default values for parameters of a heuristic algorithm and values regarding detection thresholds. This solution has been implemented in a well-known, open-source system and verified with a series of tests. Additionally, the authors investigated how updating the variables affects the intrusion detection process. The results confirmed the effectiveness of the proposed approach and heuristic algorithm.

show abstract

Section: Intrusion Detectionmentioning

confidence: 99%

Multivariable Heuristic Approach to Intrusion Detection in Network Environments

Niemiec

Kościej

Gdowski

2021

Entropy

View full text Add to dashboard Cite

show abstract

“…Several algorithms such as Random Forest, Multi-layer Perceptron and Long Short-Term Memory were experimented. For a more detailed description of the employed methods readers can be redirected to [22].…”

Section: Machine Learningmentioning

confidence: 99%

A Tool to Support the Investigation and Visualization of Cyber and/or Physical Incidents

Macedo

Wanous

Oliveira

et al. 2021

Advances in Intelligent Systems and Computing

Self Cite

View full text Add to dashboard Cite

Investigating efficiently the data collected from a system's activity can help to detect malicious attempts and better understand the context behind past incident occurrences. Nowadays, several solutions can be used to monitor system activities to detect probable abnormalities and malfunctions. However, most of these systems overwhelm their users with vast amounts of information, making it harder for them to perceive incident occurrences and their context. Our approach combines a dynamic and intuitive user interface with Machine Learning forecasts to provide an intelligent investigation tool that facilitates the security operator's work. Our system can also act as an enhanced and fully automated decision support mechanism that provides suggestions about possible incident occurrences.

show abstract

“…Different from binary classifiers, recent reviews of the literature [15], [19], [20], [21] identify common multi-class classifiers employed in NIDS using KNN [22], SVM [22], NB [22] [23] [24], DT [24], RF [23] [24] [25], and Artificial Neural Network (ANN) [25] [26] [27]. Although these classifiers are capable of achieving high accuracy labeling known intrusions from training with attack databases, they lack the capability of detecting unknown attacks.…”

Section: Related Workmentioning

confidence: 99%

A Novel Open Set Energy-based Flow Classifier for Network Intrusion Detection

Souza¹,

Pontes²,

Gondim³

et al. 2021

Preprint

View full text Add to dashboard Cite

Network intrusion detection systems (NIDS) are one of several solutions that make up a computer security system. They are responsible for inspecting network traffic and triggering alerts when detecting intrusion attempts. One of the most popular approaches in NIDS research today is the Anomaly-based technique, characterized by the ability to recognize previously unobserved attacks. Some A-NIDS systems go beyond the separation into normal and anomalous classes by trying to identify the type of detected anomalies. This is an important capability of a security system, as it allows a more effective response to an intrusion attempt. The existing systems with this ability are often subject to limitations such as high complexity and incorrect labeling of unknown attacks. In this work, we propose an algorithm to be used in NIDS that overcomes these limitations. Our proposal is an adaptation of the Anomalybased classifier EFC to perform multi-class classification. It has a single layer, with low temporal complexity, and can correctly classify not only the known attacks, but also unprecedented attacks. Our proposal was evaluated in two up-to-date flow-based intrusion detection datasets: CIDDS-001 and CICIDS2017. We also conducted a specific experiment to assess our classifier's ability to correctly label unknown attacks. Our results show that the multi-class EFC is a promising classifier to be used in NIDS.

show abstract

Intelligent Cyber-Attack Detection and Classification for Network-based Intrusion Detection Systems

Cited by 6 publications

References 19 publications

Multivariable Heuristic Approach to Intrusion Detection in Network Environments

Multivariable Heuristic Approach to Intrusion Detection in Network Environments

A Tool to Support the Investigation and Visualization of Cyber and/or Physical Incidents

A Novel Open Set Energy-based Flow Classifier for Network Intrusion Detection

Contact Info

Product

Resources

About