Re-evaluation of combined Markov-Bayes models for host intrusion detection on the ADFA dataset

Mouttaqi, Tarik; Rachidi, Tajjeeddine; Assem, Nasser

doi:10.1109/intellisys.2017.8324257

Cited by 6 publications

(5 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are works that introduce the idea of combining two techniques to achieve better performance [48]. The work discusses the combination of the probabilistic models Markov and Bayes for host-based intrusion detection.…”

Section: Related Workmentioning

confidence: 99%

“…On the one hand, the main difference between our proposal and those presented in this section is that our proposal employs multiple techniques and these works use only one technique. On the other hand, several papers show systems that use two methods [48]- [52], but our proposal combines more methods and represents all the information in a single data structure.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Intrusion Detection System Based on Integrated System Calls Graph and Neural Networks

et al. 2021

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Intrusion Detection System Based on Integrated System Calls Graph and Neural Networks

et al. 2021

View full text Add to dashboard Cite

“… Priority to papers published in international journals rather than conferences, whenever possible. Our review ended up selecting 15 papers: 2 for ADFANet [87], [88], 3 for CICIDS17 [80], [82], [83], 3 for CIDDS-001 [82], [84], [89], 2 for ISCX12 [79], [81], 3 for NSL-KDD [78], [81], [83], 3 for UGR16 [76], [85], [86], and 4 for UNSW-NB15 [76], [77], [81], [83]. Those papers use metrics different than MCC to evaluate intrusion detectors; consequently, we calculated common metrics achieved by the Stacker on each dataset to enable comparisons.…”

Section: Comparison With Literature Studies About Intrusion Detectionmentioning

confidence: 99%

Prepare for trouble and make it double! Supervised – Unsupervised stacking for anomaly-based intrusion detection

Zoppi

Ceccarelli

2021

Journal of Network and Computer Applications

View full text Add to dashboard Cite

“…Minimizing the Log Loss is basically equivalent to maximizing the accuracy of the classifier. For this, we define Log Loss as: (6) where N is the number of samples or instances, M is the number of possible labels, y ij is a binary indicator of whether or not label j is the correct classification for instance i, and p ij is the model probability of assigning label j to instance i. As depicted in Figure 6, we determined a number of 2000 trees with a shrinkage value of 0.01 in order to achieve a good log loss of 0.1567176.…”

Section: Gradient Boosting Machinementioning

confidence: 99%

“…To counter both internal and external intrusions, Intrusion Detection System (IDS) are deployed by network administrators to protect key network and enterprise services from both internal and external intrusion attempts. http://dx.doi.org/10.12785/ijcds/080505 https://journal.uob.edu.bh Two classes of IDSs have emerged, namely (i) those that operate on network traffic called Network Intrusion Detection Systems (NIDS) [4]; they are often collocated with Firewalls and use network traffic traces for detecting intrusions, and (ii) Host Intrusion Detection Systems (HIDS) [5,6]; this breed is deployed on each network host, and uses information other than network traffic to detect intrusions. Such information includes application activity, traces, system calls and their parameters.…”

Section: Introductionmentioning

confidence: 99%

Network Based Intrusion Detection Using the UNSW-NB15 Dataset

al.¹

2019

IJCDS

View full text Add to dashboard Cite

In this work, we apply a two stage anomaly-based network intrusion detection process using the UNSW-NB15 dataset. We use Recursive Feature Elimination and Random Forests among other techniques to select the best dataset features for the purpose of machine learning; then we perform a binary classification in order to identify intrusive traffic from normal one, using a number of data mining techniques, including Logistic Regression, Gradient Boost Machine, and Support Vector Machine. Results of this first stage classification show that the use of Support Vector Machine reports the highest accuracy (82.11%). We then feed the output of Support Vector Machine to a range of multinomial classifiers in order to improve the accuracy of predicting the type of attacks. Specifically, we evaluate the performance of Decision Trees (C5.0), Naïve Bayes and multinomial Support Vector Machine. Applying C5.0 yielded the highest accuracy (74%) and F1 score (86%), and the two-stage hybrid classification improved the accuracy of results by up to 12% (achieving a multi-classification accuracy of 86.04%). Finally, with the support of our results, we present constructive criticism of the UNSW-NB15 dataset.

show abstract

Re-evaluation of combined Markov-Bayes models for host intrusion detection on the ADFA dataset

Cited by 6 publications

References 5 publications

Intrusion Detection System Based on Integrated System Calls Graph and Neural Networks

Intrusion Detection System Based on Integrated System Calls Graph and Neural Networks

Prepare for trouble and make it double! Supervised – Unsupervised stacking for anomaly-based intrusion detection

Network Based Intrusion Detection Using the UNSW-NB15 Dataset

Contact Info

Product

Resources

About