Toward a reliable anomaly-based intrusion detection in real-world environments

Viegas, Eduardo K.; Santin, Altair O.; Oliveira, Luiz S.

doi:10.1016/j.comnet.2017.08.013

Cited by 97 publications

(42 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…AndShiravi, Tavallaee, and Ghorbani (2012) present a new reference data set (the ISCX data set) for validating network intrusion detection systems is presented where according to Soheily-Khah, Marteau, and Béchet (2017), attack traffic accounts for 2% of the overall traffic only. While 2% is quite low, it might easily be much lower, for example 0.01%, as in the application layer denial-of-service data set of Viegas, Santin, and Oliveira (2017).…”

Section: Anomaly Detectionmentioning

confidence: 99%

Security of Data Science and Data Science for Security

Tellenbach

Rennhard

Schweizer

2019

Applied Data Science

View full text Add to dashboard Cite

In this chapter, we present a brief overview of important topics regarding the connection of data science and security. In the first part, we focus on the security of data science and discuss a selection of security aspects that data scientists should consider to make their services and products more secure. In the second part about security for data science, we switch sides and present some applications where data science plays a critical role in pushing the state-of-the-art in securing information systems. This includes a detailed look at the potential and challenges of applying machine learning to the problem of detecting obfuscated JavaScripts. Key Concepts of Information SecurityAccording to the Federal Information Security Management Act of 2002 (2012), the term "information security" means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability (CIA):

show abstract

Section: Anomaly Detectionmentioning

confidence: 99%

Security of Data Science and Data Science for Security

Tellenbach

Rennhard

Schweizer

2019

Applied Data Science

View full text Add to dashboard Cite

show abstract

“…backscatter, DoS, exploits, malware, port scans, shellcode) LBNL [61] port scans NDSec-1 [62] botnet (Citadel), brute force (against FTP, HTTP and SSH), DDoS (HTTP floods, SYN flooding and UDP floods), exploits, probe, spoofing, SSL proxy, XSS/SQL injection NGIDS-DS [19] backdoors, DoS, exploits, generic, reconnaissance, shellcode, worms NSL-KDD [63] DoS, privilege escalation (remote-to-local and user-to-root), probing PU-IDS [64] DoS, privilege escalation (remote-to-local and user-to-root), probing PUF [65] DNS attacks SANTA [35] (D)DoS (ICMP flood, RUDY, SYN flood), DNS amplification, heartbleed, port scans SSENET-2011 [47] DoS (executed through LOIC), port scans (executed through Angry IP Scanner, Nessus, Nmap), various attack tools (e.g. metasploit) SSENET-2014 [66] botnet, flooding, privilege escalation, port scans SSHCure [67] SSH attacks TRAbID [68] DoS (HTTP flood, ICMP flood, SMTP flood, SYN flood, TCP keepalive), port scans (ACK-Scan, FIN-Scan, NULL-Scan, OS Fingerprinting, Service Fingerprinting, UDP-Scan, XMAS-Scan) TUIDS [69], [70] botnet (IRC), DDoS (Fraggle flood, Ping flood, RST flood, smurf ICMP flood, SYN flood, UDP flood), port scans (e.g. FIN-Scan, NULL-Scan, UDP-Scan, XMAS-Scan), coordinated port scan, SSH brute force Twente [71] Attacks against a honeypot with three open services (FTP, HTTP, SSH) UGR'16 [29] botnet (Neris), DoS, port scans, SSH brute force, spam UNIBS [72] none Unified Host and Network [73] not specified UNSW-NB15 [20] backdoors, DoS, exploits, fuzzers, generic, port scans, reconnaissance, shellcode, spam, worms traffic, and comes along with a detailed technical report with additional information.…”

Section: Data Setmentioning

confidence: 99%

“…TRAbID [68]. Viegas et al proposed the TRAbID database [68] in 2017. This database contains 16 different scenarios for evaluating IDS.…”

Section: Data Setmentioning

confidence: 99%

A survey of network-based intrusion detection data sets

Ring

Wunderlich

Scheuring

et al. 2019

Computers & Security

486

235

View full text Add to dashboard Cite

Labeled data sets are necessary to train and evaluate anomaly-based network intrusion detection systems. This work provides a focused literature survey of data sets for networkbased intrusion detection and describes the underlying packetand flow-based network data in detail. The paper identifies 15 different properties to assess the suitability of individual data sets for specific evaluation scenarios. These properties cover a wide range of criteria and are grouped into five categories such as data volume or recording environment for offering a structured search. Based on these properties, a comprehensive overview of existing data sets is given. This overview also highlights the peculiarities of each data set. Furthermore, this work briefly touches upon other sources for network-based data such as traffic generators and data repositories. Finally, we discuss our observations and provide some recommendations for the use and the creation of network-based data sets.

show abstract

“…Intrusion detection based on networks is an important step of cyber security [1][2][3][4][5][6][7][8][9][10][11][12][13][14][15]. By analyzing large amounts of network data, network-based intrusion detection can effectively mitigate security threats [16][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34][35]. Therefore, data processing plays a vital role in intrusion detection.…”

Section: Introductionmentioning

confidence: 99%

“…According to different evaluation functions, the filter methods are divided into five categories: distance, information (or uncertainty), dependence, consistency and the classifier error rate [15]. In recent years, many feature selection algorithms have been proposed [16][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34][35]. When feature selection is applied properly, it can significantly improve classification processing time and performance.…”

Section: Introductionmentioning

confidence: 99%

A Filter Feature Selection Algorithm Based on Mutual Information for Intrusion Detection

Zhao

Niu

et al. 2018

Applied Sciences

View full text Add to dashboard Cite

For a large number of network attacks, feature selection is used to improve intrusion detection efficiency. A new mutual information algorithm of the redundant penalty between features (RPFMI) algorithm with the ability to select optimal features is proposed in this paper. Three factors are considered in this new algorithm: the redundancy between features, the impact between selected features and classes and the relationship between candidate features and classes. An experiment is conducted using the proposed algorithm for intrusion detection on the KDD Cup 99 intrusion dataset and the Kyoto 2006+ dataset. Compared with other algorithms, the proposed algorithm has a much higher accuracy rate (i.e., 99.772%) on the DOS data and can achieve better performance on remote-to-login (R2L) data and user-to-root (U2R) data. For the Kyoto 2006+ dataset, the proposed algorithm possesses the highest accuracy rate (i.e., 97.749%) among the other algorithms. The experiment results demonstrate that the proposed algorithm is a highly effective feature selection method in the intrusion detection.

show abstract

Toward a reliable anomaly-based intrusion detection in real-world environments

Cited by 97 publications

References 24 publications

Security of Data Science and Data Science for Security

Security of Data Science and Data Science for Security

A survey of network-based intrusion detection data sets

A Filter Feature Selection Algorithm Based on Mutual Information for Intrusion Detection

Contact Info

Product

Resources

About