On the Evaluation of Sequential Machine Learning for Network Intrusion Detection

Andrea, Corsini,; Yang, Shanchieh Jay

doi:10.1145/3465481.3470065

Cited by 14 publications

(7 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Compared to existing IDS methods [3][4][5][6][12][13][14][15][16][17][18][19][20][21][22][23], the QLT-IDS system proposed in the present study has three major advantages.…”

Section: Related Workmentioning

confidence: 99%

“…Intrusion detection systems (IDS) are powerful security information and event management (SIEM) tools that help network operators protect vulnerable devices by monitoring malicious activities and automatically recording intrusion events within the network. Current IDS systems utilize three main methods to detect network attacks, namely (1) predefined rules or virus signatures [3][4][5][6]12], (2) anomaly detection [12][13][14][15][16], and (3) artificial intelligence [17][18][19][20][21][22][23][24][25][26] (machine-learning or deep-learning models). However, predefined detection methods require the identification and implementation of effective rules in advance and/or the extensive collection and update of potential virus signatures.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Quantitative Logarithmic Transformation-Based Intrusion Detection System

Lan¹,

Wei³

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Intrusion detection systems (IDS) play a vital role in protecting networks from malicious attacks. Modern IDS use machine-learning or deep-learning models to deal with the diversity of attacks that malicious users may employ. However, effective machine-learning methods incur a considerable cost in both the pretraining stage and the online detection process itself. Accordingly, this study proposes a quantitative logarithmic transformation-based intrusion detection system (QLT-IDS) that uses a straightforward statistical approach to analyze network behavior. Compared with machine-learning or deeplearning-based IDS methods, the proposed system requires neither a time-consuming and expensive data collection and training process, nor a GPU-included device to achieve a real-time detection performance. Furthermore, the system can deal not only with North-South attacks, but also East-West attacks, which pose a significant risk in real-world operations. The effectiveness of the proposed system is evaluated for both real-world campus network traffic and simulated traffic. The results confirm that QLT-IDS is able to detect a wide range of malicious attacks with a high precision, even under high down-sampling rate of the NetFlow records.

show abstract

“…Compared to existing IDS methods [3][4][5][6][12][13][14][15][16][17][18][19][20][21][22][23], the QLT-IDS system proposed in the present study has three major advantages.…”

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A Quantitative Logarithmic Transformation-Based Intrusion Detection System

Lan¹,

Wei³

et al. 2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Next, we surveyed related studies of ML-based NIDS that analyze session-level data. There are three cases of analyzing session-level data: when the public dataset is session-level data in the first place [31], [32], as in KDD99 and NSL-KDD; when NetFlow data is obtained from PCAP data [34], [35]; and when defining sessions originally [33], [36].…”

Section: ) Session-level Data Analysismentioning

confidence: 99%

Consolidating Packet-Level Features for Effective Network Intrusion Detection: A Novel Session-Level Approach

Miyamoto,

Iida,

Han

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Network Intrusion Detection Systems (NIDSs) are crucial tools for ensuring cyber security. Recently, machine learning-based NIDSs have gained popularity due to their ability to adapt to various anomalies. To enable machine learning techniques, packet-level features have been proposed for packetlevel classification, but this approach may generate an excessive number of security alerts and reduce performance due to irrelevant packets. To address these limitations, this paper proposes a session-level classification approach that consolidates packet-level classification outputs to identify anomalous sessions. The effectiveness of the proposed approach is demonstrated by a prototype system. Experiments on a publicly available benchmark dataset demonstrate the high performance of proposed approach achieving F1-measure exceeding 98%. It also shows that even when we used only a few packets in head parts of each session to obtain session-level predictions, the high F1-measure still could be achieved. This result implies that the proposed approach is also efficient in terms of the number of packets to be processed. These results highlight the promising potential of the proposed approach for adaptive network intrusion detection.

show abstract

“…In particular, we highlight those solutions that combine deep learning with temporal analyses: such twofold perspective allows to detect additional malicious patterns that can improve detection performance. For instance, in [56] the F1-score improves from 0.90 to 0.95 when also temporal dependencies are considered. We will present a real deployment of a similar solution in §7.2, describing how S2Grupo protects Industrial Control Systems (ICS), showcasing the pros (and cons) of ML with respect to older techniques based on heuristics.…”

Section: Machine Learning In Network Intrusion Detectionmentioning

confidence: 99%

“…Finally, an intriguing future development of such ML solution involves the consideration of 'stateful' analyses that take into account the time-axis (as done, e.g., in [56]) and allow to detect even anomalies occurring in the temporal domain. The next case-study by S2Grupo will consider a similar application.…”

Section: Detection Of Cache Poisoning Attacks In Named Data Networkmentioning

confidence: 99%

The Role of Machine Learning in Cybersecurity

Apruzzese,

Laskov,

de Oca

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

Machine Learning (ML) represents a pivotal technology for current and future information systems, and many domains already leverage the capabilities of ML. However, deployment of ML in cybersecurity is still at an early stage, revealing a significant discrepancy between research and practice. Such discrepancy has its root cause in the current state-of-the-art, which does not allow to identify the role of ML in cybersecurity. The full potential of ML will never be unleashed unless its pros and cons are understood by a broad audience.This paper is the first attempt to provide a holistic understanding of the role of ML in the entire cybersecurity domain-to any potential reader with an interest in this topic. We highlight the advantages of ML with respect to human-driven detection methods, as well as the additional tasks that can be addressed by ML in cybersecurity. Moreover, we elucidate various intrinsic problems affecting real ML deployments in cybersecurity. Finally, we present how various stakeholders can contribute to future developments of ML in cybersecurity, which is essential for further progress in this field. Our contributions are complemented with two real case studies describing industrial applications of ML as defense against cyber-threats.

show abstract

On the Evaluation of Sequential Machine Learning for Network Intrusion Detection

Cited by 14 publications

References 30 publications

A Quantitative Logarithmic Transformation-Based Intrusion Detection System

A Quantitative Logarithmic Transformation-Based Intrusion Detection System

Consolidating Packet-Level Features for Effective Network Intrusion Detection: A Novel Session-Level Approach

The Role of Machine Learning in Cybersecurity

Contact Info

Product

Resources

About