Network Intrusion Detection System using attack behavior classification

Al-Jarrah, Omar; Arafat, Ahmad

doi:10.1109/iacs.2014.6841978

Cited by 56 publications

(40 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The indicators, decreasing protection of MCCS are considered to be risk indicators [24], and those increasing it − protection indicators [4,6]. To formalize the dependency of MCCS's degree of protection on corresponding values, one can apply one of the following approaches [16,19,24]: 1) a cyber threat within a class depends on one indicator, i.e. the relationships of one-to-one correspondence exist between the degree of threat and the values of the indicator (factor);…”

Section: The Model Of Logical Procedures Of Detection Of Anomalies Anmentioning

confidence: 99%

“…To build LPDCA, the so-called elementary classifiers (EC) [16,19,21,28,29] are used. EC is a fragment that briefly describes the object and which is used for training ASDCA.…”

Section: The Model Of Logical Procedures Of Detection Of Anomalies Anmentioning

confidence: 99%

“…According to many authors [8,10,12,16,24,26,27], the most promising direction of the development of the methods for detection of cyber-attacks and anomalies is a combination of existing approaches in adaptive hybrid CARS with capacity for self-learning.…”

Section: Introductionmentioning

confidence: 99%

“…The methods of computational intelligence, in particular neural networks (NN) for the tasks of detecting cyber-attacks, are described in the works [16,17]. [13,18] describe the models and methods of adapting genetic algorithms for the task of detection of cyber-attacks.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Design of adaptive system of detection of cyber-attacks, based on the model of logical procedures and the coverage matrices of features

Lakhno

Kazmirchuk

Kovalenko

et al. 2016

EEJET

View full text Add to dashboard Cite

Section: The Model Of Logical Procedures Of Detection Of Anomalies Anmentioning

confidence: 99%

“…To build LPDCA, the so-called elementary classifiers (EC) [16,19,21,28,29] are used. EC is a fragment that briefly describes the object and which is used for training ASDCA.…”

Section: The Model Of Logical Procedures Of Detection Of Anomalies Anmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Design of adaptive system of detection of cyber-attacks, based on the model of logical procedures and the coverage matrices of features

Lakhno

Kazmirchuk

Kovalenko

et al. 2016

EEJET

View full text Add to dashboard Cite

“…Failure to create an accurate model would result in new vulnerabilities being misclassified or legitimate traffic being flagged as malicious [24]. Although the algorithms promise to deliver high detection rations and good performance [2], they are seldom deployed on their own outside academic circles. The current work focuses instead on cluster algorithms: more specifically k-means clustering [14].…”

Section: Network Intrusion and Machine Learningmentioning

confidence: 99%

Network Traffic Anomaly Detection Using Shallow Packet Inspection and Parallel K-means Data Clustering

Velea¹,

Ciobanu²,

Mărgărit³

et al. 2017

STUD INFORM CONTROL

View full text Add to dashboard Cite

IT infrastructures around the world are targeted by malicious entities that want to steal data or compromise services. Protection measures for complex computer networks are expensive to deploy and maintain, and often do not offer protection against zero-day exploits. In-depth analysis of incoming and outgoing traffic can be problematic from legal and technical perspectives. The current work explores the possibility of implementing reliable security measures using machine learning algorithms to perform traffic classification. The new framework is mapped on existing parallel hardware and aims to provide a versatile solution for the detection of anomalous behaviour in network traffic through k-means clustering and without performing deep packet inspection. Trace analysis metadata is obtained by exploiting the features available in the pcapng file format. K-means clustering is implemented using multiple parallel APIs and a comparative analysis is presented together with performance considerations.

show abstract

A fuzzy detection approach toward different speed port scan attacks based on Dempster–Shafer evidence theory

Shao

Chen

Yin

et al. 2016

Security Comm Networks

View full text Add to dashboard Cite

Port scan detection is one of the important topics in network security and has received lots of attention by researchers; however a slow port scan attack can deceive most of the existing IDS. Besides, it is unreasonable in typical detection to decide whether it is a probe based on the precise threshold especially when the feature values are around the threshold without taking the uncertainty into consideration. To address these problems, a novel approach was proposed by collecting traffic statistics information called access port set (APS) for each IP address in time windows; several traffic features are extracted from APS which are considered as multiple evidences to indicate a probe. For each evidence, three probabilities are concerned to evaluate the likelihood of the probe occurring which include the probabilities of support, nonsupport and uncertainty. The comprehensive evidence can be obtained from the combination of multiple evidences to evaluate the probe threaten. Several experiments were performed to evaluate the approach with DARPA/MIT datasets and our own generated attack datasets; the experimental results show the feasibility of our approach in terms of detection accuracy and effectiveness. The mechanism can be applied not only in port scan detection but also other precise threshold based situations such as traffic abnormal analysis and intrusion detection. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

Network Intrusion Detection System using attack behavior classification

Cited by 56 publications

References 7 publications

Design of adaptive system of detection of cyber-attacks, based on the model of logical procedures and the coverage matrices of features

Design of adaptive system of detection of cyber-attacks, based on the model of logical procedures and the coverage matrices of features

Network Traffic Anomaly Detection Using Shallow Packet Inspection and Parallel K-means Data Clustering

A fuzzy detection approach toward different speed port scan attacks based on Dempster–Shafer evidence theory

Contact Info

Product

Resources

About