Intrusion Detection Over Encrypted Network Data

Karaçay, Leyli; Savaş, Erkay; Alptekin, Halit

doi:10.1093/comjnl/bxz111

Cited by 10 publications

(3 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Data Collection [37], [47], [80], [103], [104], [107], [111], [127]- [132] Analysis & Detection [13], [35], [41], [43], [55], [56], [84], [133]- [157] Presentation [9], [12], [13], [80], [97], [99], [112], [127], [158]- [170] V-B2). As the interface between people and machines, the presentation of data and analysis results is of particular interest in a SOC context.…”

Section: Technology Referencesmentioning

confidence: 99%

“…In contrast, each detection approach class can be assigned an approach described in the literature, whereby a focus on statistics-and rule-based approaches is recognizable. To enhance detection independent of the utilized approach Karacy et al [133] propose a principle that allows intrusion detection even when end-to-end encryption was used and Smith [157] suggests that user behaviour analytics (UBA) should be used more intensively, since misused credentials are a great threat.…”

Section: ) Analysis and Detectionmentioning

confidence: 99%

See 1 more Smart Citation

Security Operations Center: A Systematic Study and Open Challenges

et al. 2020

View full text Add to dashboard Cite

Section: Technology Referencesmentioning

confidence: 99%

Section: ) Analysis and Detectionmentioning

confidence: 99%

Security Operations Center: A Systematic Study and Open Challenges

et al. 2020

View full text Add to dashboard Cite

“…Kim et al [8] proposed an Artificial Intelligence-based Intrusion Detection System (AIIDS), which is an optimal CNN-LSTM model based on spatial feature learning and successfully applied payload-level deep learning techniques in a highperformance computing environment. In order to better protect the privacy issues of the security operation centers, Khayati et al [14] developed a protocol for privately evaluating detection models on the system data, in which privacy of both the system data and detection models is protected and information leakage is either prevented altogether or quantifiably decreased.…”

Section: A Intrusion Detection Systemmentioning

confidence: 99%

The Effective Methods for Intrusion Detection With Limited Network Attack Data: Multi-Task Learning and Oversampling

et al. 2020

View full text Add to dashboard Cite

Recently, many anomaly intrusion detection algorithms have been developed and applied in network security. These algorithms achieve high detection rate on many classical datasets. However, most of them failed to address two challenges: 1) imbalanced traffic data with limited network attack, 2) multiple data sources that are distributed in different terminals. In detail, those algorithms assume that there are sufficient network traffic data to train their models for intrusion detection. Due to the network attack traffic is always scarce in the real-world network, this assumption is difficult to satisfy in most cases. In this paper, we use Multi-Task Learning (MTL) and oversampling methods to address those challenges of network intrusion detection. Firstly, we use the MTL method to treat each terminal as a single task, and then use relevant information between different terminals to help learn every single task. Meanwhile, we use the oversampling method to overcome the minority problem of attacks. Through a series of experiments on the latest UNSW-NB15 and CICIDS2018 datasets, this paper verifies the effectiveness of MTL and oversampling methods for network intrusion detection with limited network attack data, where they achieve more than 90% detection rate in different experimental settings.

show abstract