Random effects logistic regression model for anomaly detection

Mok, Min Seok; Sohn, So Young; Ju, Yong Han

doi:10.1016/j.eswa.2010.04.017

Cited by 41 publications

(13 citation statements)

References 20 publications

(21 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We used a Metasploitable3 [45] [11]. In particular, we consider these seven methods: Support Vector Machines (SVM) [66], k-Nearest Neighbour (kNN) [67], Naïve Bayes (NB) [68], decision tree-based methods (i.e., Random Forest (RF) & Classification and Regression Trees (CART) [66]), as well as Logistics Regression (LR) [69], and Linear Discriminant Analysis (LDA) [70]. The authors in [67] [11] also showed that SVM, kNN, NB and CART are the most popular methods used for IDS development.…”

Section: B Normal and Attack Scenariosmentioning

confidence: 99%

“…• Logistic Regression (LR) [69]: even though it has the name 'regression', LR is commonly used for classification problems such as intrusion detection and spam filtering, as it can estimate the probability that an observation belongs to a particular class [72]. For instance, if the estimated probability is greater than 50%, then the model will predict that the observation belongs to attack class since it exceeds the threshold; otherwise, it will predict it as a normal class.…”

Section: B Normal and Attack Scenariosmentioning

confidence: 99%

See 1 more Smart Citation

TON_IoT Telemetry Dataset: A New Generation Dataset of IoT and IIoT for Data-Driven Intrusion Detection Systems

et al. 2020

View full text Add to dashboard Cite

Although the Internet of Things (IoT) can increase efficiency and productivity through intelligent and remote management, it also increases the risk of cyber-attacks. The potential threats to IoT applications and the need to reduce risk have recently become an interesting research topic. It is crucial that effective Intrusion Detection Systems (IDSs) tailored to IoT applications be developed. Such IDSs require an updated and representative IoT dataset for training and evaluation. However, there is a lack of benchmark IoT and IIoT datasets for assessing IDSs-enabled IoT systems. This paper addresses this issue and proposes a new data-driven IoT/IIoT dataset with the ground truth that incorporates a label feature indicating normal and attack classes, as well as a type feature indicating the sub-classes of attacks targeting IoT/IIoT applications for multi-classification problems. The proposed dataset, which is named TON_IoT, includes Telemetry data of IoT/IIoT services, as well as Operating Systems logs and Network traffic of IoT network, collected from a realistic representation of a medium-scale network at the Cyber Range and IoT Labs at the UNSW Canberra (Australia). This paper also describes the proposed dataset of the Telemetry data of IoT/IIoT services and their characteristics. TON_IoT has various advantages that are currently lacking in the state-of-the-art datasets: i) it has various normal and attack events for different IoT/IIoT services, and ii) it includes heterogeneous data sources. We evaluated the performance of several popular Machine Learning (ML) methods and a Deep Learning model in both binary and multi-class classification problems for intrusion detection purposes using the proposed Telemetry dataset.

show abstract

Section: B Normal and Attack Scenariosmentioning

confidence: 99%

Section: B Normal and Attack Scenariosmentioning

confidence: 99%

TON_IoT Telemetry Dataset: A New Generation Dataset of IoT and IIoT for Data-Driven Intrusion Detection Systems

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Over the past few years, a number of models and approaches based on traditional machine learning have been proposed for network intrusion detection. Examples include the Support Vector Machine (SVM) [24], [25], K-Nearest Neighbors (KNN) [26], Artificial Neural Networks (ANN) [17], [18], Random Forests (RF) [24], [25], [59], Decision Trees (DT) [23], [26], [27], [60], [61], Linear Regression (LR), Naïve Bayes (NB), Expectation Maximization (EM) [23], Simulated Annealing (SA) [27], Simplified Swarm Optimization (SSO) [28], Neutrosophic Logic (NL) [29], Neurotree [30], Random Effects Logistic Regression (RELR) [31], PCA filtering [62], and others reported in [32]- [34]. Recently, Nawir et al [35] proposed a classification model based on the Average One Dependence Estimator (AODE) algorithm for multiclass classification, on the UNSW-NB15 dataset, reporting an accuracy of 83.47% and a false alarm rate (FAR) of 6.57%.…”

Section: Related Workmentioning

confidence: 99%

TSDL: A Two-Stage Deep Learning Model for Efficient Network Intrusion Detection

et al. 2019

View full text Add to dashboard Cite

The network intrusion detection system is an important tool for protecting computer networks against threats and malicious attacks. Many techniques have recently been proposed; however, these face significant challenges due to the continuous emergence of new threats that are not recognized by existing systems. In this paper, we propose a novel two-stage deep learning (TSDL) model, based on a stacked auto-encoder with a soft-max classifier, for efficient network intrusion detection. The model comprises two decision stages: an initial stage responsible for classifying network traffic as normal or abnormal, using a probability score value. This is then used in the final decision stage as an additional feature, for detecting the normal state and other classes of attacks. The proposed model is able to learn useful feature representations from large amounts of unlabeled data and classifies them automatically and efficiently. To evaluate its effectiveness, several experiments are conducted on two public datasets, specifically the benchmark KDD99 and UNSW-NB15 datasets. Comparative simulation results demonstrate that our proposed model significantly outperforms existing approaches, achieving high recognition rates, up to 99.996% and 89.134%, for the KDD99 and UNSW-NB15 datasets respectively. We conclude that our model has the potential to serve as a future benchmark for the deep learning and network security research communities. INDEX TERMS Computational intelligence, two-stage deep learning model, feature representation, network intrusion detection, stacked auto-encoder.

show abstract

“…The Bayesian methods based on MCMC simulation provides a more effective approach for model estimation when compared to traditional maximum likelihood estimation (Burda, Harding, & Hausman, 2008;Mok, Sohn, & Ju, 2010). The multinomial logit model with repeated measures was performed in R (Version 2.15.2) with a Bayesian MCMC using the MCMCglmm package, with significance assessed at α < .05.…”

Section: Statistical Modelsmentioning

confidence: 99%