Intrusion detection by machine learning: A review

Tsai, Chih‐Fong; Hsu, Yu Feng; Lin, Che-Hsin; Lin, Wei-Yang

doi:10.1016/j.eswa.2009.05.029

Cited by 794 publications

(395 citation statements)

References 43 publications

Supporting

Mentioning

377

Contrasting

Unclassified

Order By: Relevance

“…[22] considers the possibility of application of MAR splines in ASDCA, enabling building of exact approximation of the behavior of a standard user, or of the attacking side, according to specified parameters. A large number of works is devoted to statistical analysis of the data in ASDCA [15,23], to signature models [24] and theoretical aspects of the use of Markov chains [5,6,24] and the Petri nets [25] for the systems of cyber-attacks recognition.…”

Section: Introductionmentioning

confidence: 99%

Design of adaptive system of detection of cyber-attacks, based on the model of logical procedures and the coverage matrices of features

Lakhno

Kazmirchuk

Kovalenko

et al. 2016

EEJET

View full text Add to dashboard Cite

Section: Introductionmentioning

confidence: 99%

Design of adaptive system of detection of cyber-attacks, based on the model of logical procedures and the coverage matrices of features

Lakhno

Kazmirchuk

Kovalenko

et al. 2016

EEJET

View full text Add to dashboard Cite

“…These datasets were used in many of IDS works such as in Liu et al (2007), Shafi and Abbas (2009) and Li et al, (2009). Tsai et al (2009) reported there have been 30 major IDS studies used KDDCup 1999 datasets in their research. According to Wu and Banzhaf (2010), KDDCup 1999 dataset is the largest publicly available and sophisticated benchmarks for researchers to evaluate intrusion detection algorithms or machine learning algorithms.…”

Section: Methodsmentioning

confidence: 99%

Design of Adaptive IDS with Regulated Retraining Approach

Zainal

Maarof

Shamsuddin

et al. 2012

Communications in Computer and Information Science

View full text Add to dashboard Cite

Abstract.Computer networks are becoming more insecure and vulnerable to intrusions and attacks as they are increasingly accessible to users globally. To minimize possibility of intrusions and attacks, various intrusion detection models have been proposed. However, the existing procedures suffer high false alarm, not adequately adaptive, low accuracy and rigid. The detection performance deteriorates when behavior of traffic is changing and new attacks continually emerge. Therefore, the need to update the reference model for any given anomaly-based intrusion detection is necessary to keep up with these changes. Severe changes should be addressed immediately before the performance is compromised. Available updating approaches include dynamic, periodic and regulated. Unfortunately, none considers severity of changes to trigger the updating. This paper proposed an adaptive IDS model using regulated retraining approach based on severity of changes in network traffic. Therefore, retraining can be done as and when necessary. Changes are denoted by ambiguous decisions and assumed to reflect insufficient knowledge of classifiers to make decision. Results show that the proposed approach is able to improve detection accuracy and reduce false alarm.

show abstract

“…For feature scaling, we normalized the wide range of 3 Flow Number of flows f 4 SrcAddr Number of source addresses f 5 DstAddr Number of destination addresses f 6 SrcPort Number of source ports f 7 DstPort Number of destination ports f 8 ΔAddr |SrcAddr − DstAddr| f 9 ΔPort |SrcPort − DstPort| different features into a standard range of 0 to 1. We scaled features according tô…”

Section: Feature Extraction and Feature Scalingmentioning

confidence: 99%

“…Additionally, a recent study by Tsai et al [4] suggests that machine learning techniques can play a major role in anomaly detection in computer networks. Several learning algorithms, such as k-nearest neighbor algorithms [5], neural networks [6], and support vector machines [6], [7], Manuscript received November 11, 2013.…”

Section: Introductionmentioning

confidence: 99%

Unsupervised Learning Model for Real-Time Anomaly Detection in Computer Networks

Limthong

Fukuda

et al. 2014

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYDetecting a variety of anomalies caused by attacks or accidents in computer networks has been one of the real challenges for both researchers and network operators. An effective technique that could quickly and accurately detect a wide range of anomalies would be able to prevent serious consequences for system security or reliability. In this article, we characterize detection techniques on the basis of learning models and propose an unsupervised learning model for real-time anomaly detection in computer networks. We also conducted a series of experiments to examine capabilities of the proposed model by employing three well-known machine learning algorithms, namely multivariate normal distribution, knearest neighbor, and one-class support vector machine. The results of these experiments on real network traffic suggest that the proposed model is a promising solution and has a number of flexible capabilities to detect several types of anomalies in real time. key words: machine learning, multivariate normal distribution, nearest neighbor, one-class support vector machine

show abstract

Intrusion detection by machine learning: A review

Cited by 794 publications

References 43 publications

Design of adaptive system of detection of cyber-attacks, based on the model of logical procedures and the coverage matrices of features

Design of adaptive system of detection of cyber-attacks, based on the model of logical procedures and the coverage matrices of features

Design of Adaptive IDS with Regulated Retraining Approach

Unsupervised Learning Model for Real-Time Anomaly Detection in Computer Networks

Contact Info

Product

Resources

About