A New Approach of Intrusion Detection with Command Sequence-To-Sequence Model

2021 ◽  
pp. 169-182
Author(s):  
Wei Liu ◽  
Yu Mao ◽  
Linlin Ci ◽  
Fuquan Zhang

2020 ◽  
Vol 38 (5) ◽  
pp. 5707-5716 ◽  
Author(s):  
Wei Liu ◽  
Yu Mao ◽  
Linlin Ci ◽  
Fuquan Zhang

2017 ◽  
Vol 10 (1) ◽  
pp. 122-147 ◽  
Author(s):  
Cláudio Toshio Kawakani ◽  
Sylvio Barbon ◽  
Rodrigo Sanches Miani ◽  
Michel Cukier ◽  
Bruno Bogaz Zarpelão

To support information security, organizations deploy Intrusion Detection Systems (IDS) that monitor information systems and networks, generating alerts for every suspicious behavior. However, the huge number of alerts that an IDS triggers and their low-level representation make alert analysis a challenging task. In this paper, we propose a new approach based on hierarchical clustering that supports intrusion alert analysis in two main steps. First, it correlates historical alerts to identify the most common strategies attackers have used. Then, it associates upcoming alerts in real time according to the strategies discovered in the first step. The experiments were performed using a real dataset from the University of Maryland. The results showed that the proposed approach could properly identify the attack strategy patterns from historical alerts, and organize the upcoming alerts into a smaller number of meaningful hyper-alerts.
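The two-step scheme in this abstract (cluster historical alerts into strategy patterns, then map upcoming alerts onto those patterns) is illustrated below with an added example. It is not code from the paper: the alert fields, the Jaccard distance over field tokens, average linkage, the 0.5 cut-off and the sample alerts are all assumptions constructed for the illustration.

```python
"""Two-step alert correlation with hierarchical clustering, as an added
illustration of the approach the abstract describes (not the paper's own code).
Step 1 clusters historical alerts into attack-strategy patterns; step 2 assigns
incoming alerts to the nearest pattern, producing a few hyper-alerts instead of
a stream of raw alerts. Alert fields, distance and thresholds are assumptions."""
from itertools import combinations

# Constructed historical alerts: (src_ip, dst_ip, dst_port, signature).
HISTORICAL = [
    ("10.0.0.5", "192.168.1.10", 22, "SSH brute force"),
    ("10.0.0.5", "192.168.1.10", 22, "SSH brute force"),
    ("10.0.0.5", "192.168.1.10", 22, "SSH login after failures"),
    ("10.0.0.7", "192.168.1.20", 80, "SQL injection attempt"),
    ("10.0.0.7", "192.168.1.20", 80, "Web shell upload"),
    ("10.0.0.9", "192.168.1.30", 445, "SMB scan"),
    ("10.0.0.9", "192.168.1.31", 445, "SMB scan"),
    ("10.0.0.9", "192.168.1.32", 445, "SMB scan"),
]

# Constructed "upcoming" alerts to be correlated in the second step.
INCOMING = [
    ("10.0.0.9", "192.168.1.33", 445, "SMB scan"),
    ("10.0.0.9", "192.168.1.34", 445, "SMB scan"),
    ("10.0.0.7", "192.168.1.20", 80, "Web shell upload"),
    ("10.0.0.42", "192.168.1.50", 3389, "RDP brute force"),
]

FIELDS = ("src", "dst", "port", "sig")


def alert_features(alert):
    """Turn an alert tuple into a set of 'field:value' tokens."""
    return {f"{name}:{value}" for name, value in zip(FIELDS, alert)}


def jaccard_distance(a, b):
    """1 - Jaccard similarity of the two alerts' feature sets (0 = identical)."""
    fa, fb = alert_features(a), alert_features(b)
    return 1.0 - len(fa & fb) / len(fa | fb)


def average_linkage(c1, c2):
    """Mean pairwise distance between two clusters (average-linkage criterion)."""
    return sum(jaccard_distance(a, b) for a in c1 for b in c2) / (len(c1) * len(c2))


def cluster_strategies(alerts, threshold):
    """Agglomerative clustering: merge the two closest clusters until the
    closest pair is farther apart than `threshold`. Each surviving cluster is
    one attack-strategy pattern."""
    clusters = [[a] for a in alerts]
    while len(clusters) > 1:
        d, i, j = min(
            (average_linkage(clusters[i], clusters[j]), i, j)
            for i, j in combinations(range(len(clusters)), 2)
        )
        if d > threshold:
            break
        clusters[i] = clusters[i] + clusters[j]
        del clusters[j]  # j > i, so clusters[i] keeps its position
    return clusters


def summarize(cluster):
    """Describe a strategy pattern by the distinct values seen per field."""
    return {name: {str(alert[k]) for alert in cluster} for k, name in enumerate(FIELDS)}


def assign_alert(alert, strategies, threshold):
    """Step 2: index of the nearest strategy, or None when no pattern is close
    enough (the alert then starts a new, unmatched hyper-alert)."""
    d, idx = min((average_linkage([alert], c), i) for i, c in enumerate(strategies))
    return idx if d <= threshold else None


def correlate_stream(alerts, strategies, threshold):
    """Group upcoming alerts into hyper-alerts keyed by strategy index; alerts
    matching no known strategy are collected under 'unmatched'."""
    hyper = {}
    for alert in alerts:
        key = assign_alert(alert, strategies, threshold)
        hyper.setdefault("unmatched" if key is None else key, []).append(alert)
    return hyper


if __name__ == "__main__":
    patterns = cluster_strategies(HISTORICAL, threshold=0.5)
    for i, c in enumerate(patterns):
        print(i, summarize(c))
    for key, members in correlate_stream(INCOMING, patterns, 0.5).items():
        print(f"hyper-alert {key}: {len(members)} alert(s)")
```

With the constructed data the first step yields three patterns (an SSH brute-force sequence against one host, a web attack on one server, and an SMB sweep from one source), and the four incoming alerts collapse into three hyper-alerts, one of them "unmatched". The unmatched bucket is the part worth keeping in a real deployment: an alert that fits no historical strategy is exactly the one an analyst should see first rather than have folded into a familiar pattern.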


2021 ◽  
Vol 2 (4) ◽  
pp. 1-26
Author(s):  
Jassim Happa ◽  
Thomas Bashford-Rogers ◽  
Alastair Janse Van Rensburg ◽  
Michael Goldsmith ◽  
Sadie Creese

In this article, we propose a novel method that aims to improve upon existing moving-target defences by making them unpredictably reactive using probabilistic decision-making. We postulate that unpredictability can improve network defences in two key capacities: (1) by re-configuring the network in direct response to detected threats, tailored to the current threat and a security posture, and (2) by deceiving adversaries using pseudo-random decision-making (selected from a set of acceptable responses), potentially leading to adversary delay and failure. Decisions are performed automatically, based on reported events (e.g., Intrusion Detection System (IDS) alerts), security posture, mission processes, and states of assets. Using this codified form of situational awareness, our system can respond differently to threats each time attacker activity is observed, acting as a barrier to further attacker activities. We demonstrate feasibility with both anomaly- and misuse-based detection alerts, for a historical dataset (playback), and a real-time network simulation where asset-to-mission mappings are known. Our findings suggest that unpredictability yields promise as a new approach to deception in laboratory settings. Further research will be necessary to explore unpredictability in production environments.
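The decision step this abstract describes (derive a set of acceptable responses from the alert, the security posture and the asset-to-mission mapping, then pick one pseudo-randomly) is shown below as an added example. It is not the authors' system: the assets, missions, response catalogue, posture scale and policy rules are assumptions constructed for the illustration, and the CSPRNG-based pick is one way to make the choice unpredictable to an adversary who has learned the policy.

```python
"""Unpredictable response selection, as an added illustration of the decision
step the abstract describes (not the authors' system). A policy derives the set
of acceptable responses from the alert, the security posture and the asset's
mission; the final pick is made with a CSPRNG so an adversary who knows the
policy still cannot predict which response fires. Assets, missions, responses
and the policy rules below are all assumptions constructed for the example."""
import secrets
from collections import Counter

# Constructed asset-to-mission mapping and mission criticality (assumed).
ASSET_MISSIONS = {"web-01": "customer-portal", "db-01": "customer-portal",
                  "jump-01": "admin-access"}
MISSION_CRITICALITY = {"customer-portal": "high", "admin-access": "medium"}

# Candidate responses; True marks those that interrupt the asset's mission.
RESPONSES = {
    "rotate_service_port": False,
    "redirect_to_honeypot": False,
    "rate_limit_source": False,
    "isolate_host": True,
    "re_image_host": True,
}
DISRUPTIVE = {name for name, disruptive in RESPONSES.items() if disruptive}


def acceptable_responses(alert, posture):
    """Codified situational awareness: which responses are allowed right now.
    alert = {"asset": str, "kind": "misuse" | "anomaly", "confidence": float}
    posture in {"normal", "elevated", "critical"} (assumed scale)."""
    allowed = set(RESPONSES)
    mission = ASSET_MISSIONS.get(alert["asset"])
    supports_critical_mission = MISSION_CRITICALITY.get(mission) == "high"
    if posture == "normal":
        allowed -= DISRUPTIVE  # never disrupt a mission at normal posture
    elif posture == "elevated" and supports_critical_mission:
        allowed -= DISRUPTIVE  # protect high-criticality missions until posture is critical
    if alert["kind"] == "anomaly" and alert["confidence"] < 0.7:
        allowed -= DISRUPTIVE  # low-confidence anomaly: no disruptive action on a likely false positive
    return allowed


def choose_response(alert, posture, rng=None):
    """Pick one acceptable response pseudo-randomly. The default RNG is the
    OS CSPRNG; a seeded random.Random can be injected for reproducible runs."""
    rng = secrets.SystemRandom() if rng is None else rng
    options = sorted(acceptable_responses(alert, posture))
    return rng.choice(options)


def response_distribution(alert, posture, trials, rng=None):
    """How the same alert would be answered over `trials` observations: the
    spread across responses is the unpredictability an attacker faces."""
    rng = secrets.SystemRandom() if rng is None else rng
    return Counter(choose_response(alert, posture, rng) for _ in range(trials))


if __name__ == "__main__":
    alert = {"asset": "web-01", "kind": "misuse", "confidence": 0.9}
    for posture in ("normal", "elevated", "critical"):
        print(posture, sorted(acceptable_responses(alert, posture)))
    print(response_distribution(alert, "critical", 1000))
```

Two design points carry over to any real implementation of this idea. First, the policy layer is deterministic and auditable: every response that can fire is one the posture and mission mapping explicitly permit, so randomness never escalates past what the organisation would accept. Second, the randomness itself comes from the OS CSPRNG rather than a seeded `random.Random`; a seeded generator is fine for playback and testing, but in production it would let an adversary who recovers the seed (or observes enough responses) predict the next move, which defeats the point.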

