Database Intrusion Detection Systems (DIDs): Insider Threat Detection via Behaviour-Based Anomaly Detection Systems - A Brief Survey of Concepts and Approaches

2022 ◽  
pp. 178-197
Author(s):  
Muhammad Imran Khan ◽  
Simon N. Foley ◽  
Barry O’Sullivan
Keyword(s):  
Intrusion Detection ◽  
Anomaly Detection ◽  
Intrusion Detection Systems ◽  
Insider Threat ◽  
Threat Detection ◽  
Detection Systems ◽  
Database Intrusion Detection

scholarly journals Intelligent Cyber Attack Detection and Classification for Network-Based Intrusion Detection Systems

2021 ◽  
Vol 11 (4) ◽  
pp. 1674
Author(s):  
Nuno Oliveira ◽  
Isabel Praça ◽  
Eva Maia ◽  
Orlando Sousa
Keyword(s):  
Intrusion Detection ◽  
Anomaly Detection ◽  
Information And Communication Technologies ◽  
Network Traffic ◽  
Short Term Memory ◽  
Attack Detection ◽  
Intrusion Detection Systems ◽  
Machine Learning Techniques ◽  
Cyber Attack ◽  
Detection Systems

With the latest advances in information and communication technologies, greater amounts of sensitive user and corporate information are shared continuously across the network, making it susceptible to an attack that can compromise data confidentiality, integrity, and availability. Intrusion Detection Systems (IDS) are important security mechanisms that can perform the timely detection of malicious events through the inspection of network traffic or host-based logs. Many machine learning techniques have proven to be successful at conducting anomaly detection throughout the years, but only a few considered the sequential nature of data. This work proposes a sequential approach and evaluates the performance of a Random Forest (RF), a Multi-Layer Perceptron (MLP), and a Long-Short Term Memory (LSTM) on the CIDDS-001 dataset. The resulting performance measures of this particular approach are compared with the ones obtained from a more traditional one, which only considers individual flow information, in order to determine which methodology best suits the concerned scenario. The experimental outcomes suggest that anomaly detection can be better addressed from a sequential perspective. The LSTM is a highly reliable model for acquiring sequential patterns in network traffic data, achieving an accuracy of 99.94% and an f1-score of 91.66%.

Threat Hunting in Windows Using Big Security Log Data

2020 ◽  
pp. 168-188 ◽  
Author(s):  
Mohammad Rasool Fatemi ◽  
Ali A. Ghorbani
Keyword(s):  
Intrusion Detection ◽  
Anomaly Detection ◽  
Detection System ◽  
Intrusion Detection Systems ◽  
Detection Methods ◽  
Sources Of Information ◽  
Detection Systems ◽  
System Logs ◽  
Analysis System ◽  
Anomaly Detection System

System logs are one of the most important sources of information for anomaly and intrusion detection systems. In a general log-based anomaly detection system, network, devices, and host logs are all collected and used together for analysis and the detection of anomalies. However, the ever-increasing volume of logs remains as one of the main challenges that anomaly detection tools face. Based on Sysmon, this chapter proposes a host-based log analysis system that detects anomalies without using network logs to reduce the volume and to show the importance of host-based logs. The authors implement a Sysmon parser to parse and extract features from the logs and use them to perform detection methods on the data. The valuable information is successfully retained after two extensive volume reduction steps. An anomaly detection system is proposed and performed on five different datasets with up to 55,000 events which detects the attacks using the preserved logs. The analysis results demonstrate the significance of host-based logs in auditing, security monitoring, and intrusion detection systems.

scholarly journals The possibility of using LACP protocol in anomaly detection systems

2018 ◽  
Vol 21 ◽  
pp. 00014 ◽  
Author(s):  
Marek Bolanowski ◽  
Piotr Cisło
Keyword(s):  
Intrusion Detection ◽  
Anomaly Detection ◽  
Network Traffic ◽  
Threat Detection ◽  
Control Protocol ◽  
Detection Systems ◽  
The Core ◽  
Implementation Costs ◽  
Aggregation Control

This article presents the use of the Link Aggregation Control Protocol (LACP) for detection of anomalies in network traffic. The idea itself is based on checking the representativeness of a single LACP link for the whole traffic transmitted by the aggregation. This approach allows to reduce the requirements for the performance of threat detection systems, and thus reduce their implementation costs and the gives a possibility of using probes (IDS or IPS) directly in the core of the network. The authors also examine the influence of hashing algorithms used for the particular LACP link on the possibility of using of developed method and on the level of intrusion detection.

Sign in / Sign up

Export Citation Format

Share Document