On the Detection Capabilities of Signature-Based Intrusion Detection Systems in the Context of Web Attacks

Díaz-Verdejo, Jesús E.; Muñoz-Calle, Javier; Estepa, Antonio; Estepa, Rafael; Madinabeitia, Germán

doi:10.3390/app12020852

Cited by 29 publications

(5 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Taha et al [8] reviewed the different anomaly detection methods for categorical data. Diaz Verdejo et al [5] proposed an efficient alternative approach, named signature-recognition-based detection, in the context of web attacks. Mazarbhuiya et al [13] introduced a neighborhood rough-set-based classification approach to detect the anomaly in a mixed attribute dataset.…”

Section: Related Workmentioning

confidence: 99%

“…Anomaly-based IDS is the name given to the ensuing system [3,4]. However, a signature-recognition-based intrusion detection technique [5] uses a database of known attack signatures and raises an alarm whenever network traffic matches any signature. Usually, a computer and associated network can easily use an anomaly-based IDS as a risk mitigation technique.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Intuitionistic Fuzzy-Rough Set-Based Classification for Anomaly Detection

Mazarbhuiya

Sahmoudi

2023

Applied Sciences

View full text Add to dashboard Cite

The challenging issues of computer networks and databases are not only the intrusion detection but also the reduction of false positives and increase of detection rate. In any intrusion detection system, anomaly detection mainly focuses on modeling the normal behavior of the users and detecting the deviations from normal behavior, which are assumed to be potential intrusions or threats. Several techniques have already been successfully tried for this purpose. However, the normal and suspicious behaviors are hard to predict as there is no precise boundary differentiating one from another. Here, rough set theory and fuzzy set theory come into the picture. In this article, a hybrid approach consisting of rough set theory and intuitionistic fuzzy set theory is proposed for the detection of anomaly. The proposed approach is a classification approach which takes the advantages of both rough set and intuitionistic fuzzy set to deal with inherent uncertainty, vagueness, and indiscernibility in the dataset. The algorithm classifies the data instances in such a way that they can be expressed using natural language. A data instance can possibly or certainly belong to a class with degrees of membership and non-membership. The empirical study with a real-world and a synthetic dataset demonstrates that the proposed algorithm has normal true positive rates of 91.989% and 96.99% and attack true positive rates of 91.289% and 96.29%, respectively.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

An Intuitionistic Fuzzy-Rough Set-Based Classification for Anomaly Detection

Mazarbhuiya

Sahmoudi

2023

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…Diaz-Verdejo Jesus et al conducted experimental studies on the detection rates of three standard pre-configurations of SIDS in the context of URI web attacks and proposed an effective method to reduce false positives by disabling complete rule sets of signatures. However, WAF is only a subset of the detection capabilities of SIDS, and it is unclear whether their model results hold true in different types of attacks [4]. Saez-de-Camara Xabier et al found that traditional IT security mechanisms, such as signature-based intrusion detection and defense systems, are difficult to integrate [5].…”

Section: Introductionmentioning

confidence: 99%

Finsformer: A Novel Approach to Detecting Financial Attacks Using Transformer and Cluster-Attention

An,

Ma,

Yan

et al. 2024

Applied Sciences

View full text Add to dashboard Cite

This paper aims to address the increasingly severe security threats in financial systems by proposing a novel financial attack detection model, Finsformer. This model integrates the advanced Transformer architecture with the innovative cluster-attention mechanism, dedicated to enhancing the accuracy of financial attack behavior detection to counter complex and varied attack strategies. A key innovation of the Finsformer model lies in its effective capture of key information and patterns within financial transaction data. Comparative experiments with traditional deep learning models such as RNN, LSTM, Transformer, and BERT have demonstrated that Finsformer excels in key metrics such as precision, recall, and accuracy, achieving scores of 0.97, 0.94, and 0.95, respectively. Moreover, ablation studies on different feature extractors further confirm the effectiveness of the Transformer feature extractor in processing complex financial data. Additionally, it was found that the model’s performance heavily depends on the quality and scale of data and may face challenges in computational resources and efficiency in practical applications. Future research will focus on optimizing the Finsformer model, including enhancing computational efficiency, expanding application scenarios, and exploring its application on larger and more diversified datasets.

show abstract

“…In contrast to traditional fields of application of information systems, attacks on critical infrastructure facilities, which include energy companies, can lead to catastrophic consequences. Therefore, methods of detecting malicious activity, based on the use of signatures that ensure mathematically strict recognition, do not lose their relevance in the creation of cybersecurity systems, such as network intrusion detection systems (NIDS), antiviruses, anti-worm systems and spam filters [1,2].…”

Section: Introductionmentioning

confidence: 99%

Tools for Analyzing Signature-Based Hardware Solutions for Cyber Security Systems

Hilgurt

Davydenko

Матьовка

et al. 2023

JCSANDM

View full text Add to dashboard Cite

When creating signature-based cybersecurity systems for network intrusion detection (NIDS), spam filtering, protection against viruses, worms, etc., developers have to use hardware devices such as field programmable gate arrays (FPGA), since software solutions can no longer support the necessary speeds. There are many different approaches to build hardware circuits for pattern matching (where patterns are the parts of signatures). Choosing the optimal technical solution for certain conditions is not a trivial task. Developers of such hardware tend to act intuitively, heuristically. In this article, we provide tools to help them intelligently build cybersecurity systems using FPGAs. For the qualitative analysis of FPGA-based matching schemes, the classification of efficiency criteria and related indicators is considered. This classification was compiled by studying a large number of practical developments of FPGA-based cybersecurity systems, primarily NIDS. A method of rapid calculating numerical characteristics of the FPGA-based signature system components is proposed as a quantitative assessment tool. This method based on the use of so-called estimation functions allows avoiding the time-consuming execution of the digital circuit synthesis procedure. A number of experiments were carried out with the most promising matching schemes, allowing evaluating the above-mentioned tools. The rapid quantification method allows developers of hardware-accelerated cybersecurity systems to even apply it at each iteration within the optimization procedure cycle.

show abstract

On the Detection Capabilities of Signature-Based Intrusion Detection Systems in the Context of Web Attacks

Cited by 29 publications

References 41 publications

An Intuitionistic Fuzzy-Rough Set-Based Classification for Anomaly Detection

An Intuitionistic Fuzzy-Rough Set-Based Classification for Anomaly Detection

Finsformer: A Novel Approach to Detecting Financial Attacks Using Transformer and Cluster-Attention

Tools for Analyzing Signature-Based Hardware Solutions for Cyber Security Systems

Contact Info

Product

Resources

About