On Emulation-Based Network Intrusion Detection Systems

Cyberttacks are becoming increasingly sophisticated, necessitating the efficient intrusion detection mechanisms to monitor computer resources and generate reports on anomalous or suspicious activities. Many Intrusion Detection Systems (IDSs) use a single classifier for identifying intrusions. Single classifier IDSs are unable to achieve high accuracy and low false alarm rates due to polymorphic, metamorphic, and zero-day behaviors of malware. In this paper, a Hybrid IDS (HIDS) is proposed by combining the C5 decision tree classifier and One Class Support Vector Machine (OC-SVM). HIDS combines the strengths of SIDS) and Anomaly-based Intrusion Detection System (AIDS). The SIDS was developed based on the C5.0 Decision tree classifier and AIDS was developed based on the one-class Support Vector Machine (SVM). This framework aims to identify both the well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the benchmark datasets, namely, Network Security Laboratory-Knowledge Discovery in Databases (NSL-KDD) and Australian Defence Force Academy (ADFA) datasets. Studies show that the performance of HIDS is enhanced, compared to SIDS and AIDS in terms of detection rate and low false-alarm rates.

show abstract

“…Accuracy Rate on KDDTest+ Abbasi, et al [31] 77.38% Panda, et al [32] 81.47% Abbasi, et al [31] 79.66% Proposed Technique 83.24%…”

Section: Researchmentioning

confidence: 99%

Hybrid Intrusion Detection System Based on the Stacking Ensemble of C5 Decision Tree Classifier and One Class Support Vector Machine

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Recently, Abbasi et. al., [8] propose a number of techniques that evade emulated-based shellcode detection system (EBSDS). They point out that any emulation gaps should lead to the exposure of emulator to the attackers, and summarize the limitations of emulator in two aspects: a) Unsupported Instruction: Most EBSDSs do not have the capabilities of emulating full instruction set.…”

Section: Related Workmentioning

confidence: 99%

Shellix: An Efficient Approach for Shellcode Detection

Chen¹,

Hu²,

Tian³

et al. 2016

IJSIA

View full text Add to dashboard Cite

show abstract

“…For an attacker the ultimate objective when attacking an industrial control network is to manipulate the physical process without being detected [1] by advanced intrusion detection systems (IDS) or plant operators. Before the highly publicized Stuxnet malware, most of the attacks were trivial intrusions against the IT equipment of industrial control network.…”

Section: Introductionmentioning

confidence: 99%

Stealth Low-Level Manipulation of Programmable Logic Controllers I/O by Pin Control Exploitation

Abbasi¹,

Hashemi²,

Zambon³

et al. 2017

Critical Information Infrastructures Security

Self Cite

View full text Add to dashboard Cite

Abstract. Input/Output is the mechanism through which Programmable Logic Controllers (PLCs) interact with and control the outside world. Particularly when employed in critical infrastructures, the I/O of PLCs has to be both reliable and secure. PLCs I/O like other embedded devices are controlled by a pin based approach. In this paper, we investigate the security implications of the PLC pin control system. In particular, we show how an attacker can tamper with the integrity and availability of PLCs I/O by exploiting certain pin control operations and the lack of hardware interrupts associated to them.

show abstract

On Emulation-Based Network Intrusion Detection Systems

Cited by 18 publications

References 17 publications

Hybrid Intrusion Detection System Based on the Stacking Ensemble of C5 Decision Tree Classifier and One Class Support Vector Machine

Hybrid Intrusion Detection System Based on the Stacking Ensemble of C5 Decision Tree Classifier and One Class Support Vector Machine

Shellix: An Efficient Approach for Shellcode Detection

Stealth Low-Level Manipulation of Programmable Logic Controllers I/O by Pin Control Exploitation

Contact Info

Product

Resources

About