Host-based Intrusion Detection Using Signature-based and AI-driven Anomaly Detection Methods

Contextual Anomaly Detection Methods for Addressing Intrusion Detection

Handbook of Research on Cyber Crime and Information Privacy - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-5728-0.ch009 ◽

2021 ◽

pp. 151-181

Author(s):

Florian Gottwalt ◽

Elizabeth J. Chang ◽

Tharam S. Dillon

Keyword(s):

Intrusion Detection ◽

Anomaly Detection ◽

Promising Method ◽

Detection Methods ◽

False Alarms ◽

Cyber Crime ◽

Number Of False Alarms ◽

Network Anomaly Detection

One promising method to detect cyber-crime is anomaly detection, which enables one to detect new, unseen attacks. Despite this ability, anomaly detection methods only have limited utilization in practice, due to the high number of false alarms generated. Recent research has shown that the number of false alarms can be reduced drastically by considering the context in which these alarms occur. However, important questions include, What does context mean in the realm of anomaly detection? and How can it be incorporated to identify potential cyber-crime? To address these questions, this chapter provides novel definitions of context and contextual anomaly detection methods. Based on these, a new taxonomy is proposed for contextual anomaly detection methods, which organizes the methods by the specific problems they address. Further, the chapter highlights the potential of contextual anomaly detection for the reduction of false alarms, particularly for network anomaly detection and provides an introduction and holistic overview of the field for professionals and researchers.

Download Full-text

Threat Hunting in Windows Using Big Security Log Data

Security, Privacy, and Forensics Issues in Big Data - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-9742-1.ch007 ◽

2020 ◽

pp. 168-188 ◽

Cited By ~ 1

Author(s):

Mohammad Rasool Fatemi ◽

Ali A. Ghorbani

Keyword(s):

Intrusion Detection ◽

Anomaly Detection ◽

Detection System ◽

Intrusion Detection Systems ◽

Detection Methods ◽

Sources Of Information ◽

Detection Systems ◽

System Logs ◽

Analysis System ◽

Anomaly Detection System

System logs are one of the most important sources of information for anomaly and intrusion detection systems. In a general log-based anomaly detection system, network, devices, and host logs are all collected and used together for analysis and the detection of anomalies. However, the ever-increasing volume of logs remains as one of the main challenges that anomaly detection tools face. Based on Sysmon, this chapter proposes a host-based log analysis system that detects anomalies without using network logs to reduce the volume and to show the importance of host-based logs. The authors implement a Sysmon parser to parse and extract features from the logs and use them to perform detection methods on the data. The valuable information is successfully retained after two extensive volume reduction steps. An anomaly detection system is proposed and performed on five different datasets with up to 55,000 events which detects the attacks using the preserved logs. The analysis results demonstrate the significance of host-based logs in auditing, security monitoring, and intrusion detection systems.

Download Full-text

Promising techniques for anomaly detection on network traffic

Computer Science and Information Systems ◽

10.2298/csis170201018h ◽

2017 ◽

Vol 14 (3) ◽

pp. 597-609

Author(s):

Hui Tian ◽

Jingtian Liu ◽

Meimei Ding

Keyword(s):

Intrusion Detection ◽

Anomaly Detection ◽

Network Traffic ◽

High Accuracy ◽

Detection Methods ◽

Accuracy Rate ◽

Time Efficiency ◽

End To End

In various networks, anomaly may happen due to network breakdown, intrusion detection, and end-to-end traffic changes. To detect these anomalies is important in diagnosis, fault report, capacity plan and so on. However, it?s challenging to detect these anomalies with high accuracy rate and time efficiency. Existing works are mainly classified into two streams, anomaly detection on link traffic and on global traffic. In this paper we discuss various anomaly detection methods on both types of traffic and compare their performance.

Download Full-text

Un-Supervised approach to backorder prediction using deep autoencoder

Recent Patents on Computer Science ◽

10.2174/2213275912666190819112609 ◽

2019 ◽

Vol 12 ◽

Author(s):

Gunjan Saraogi ◽

Deepa Gupta ◽

Lavanya Sharma ◽

Ajay Rana

Keyword(s):

Anomaly Detection ◽

Predictive Model ◽

Inventory Management ◽

Supervised Classification ◽

Operating Characteristic ◽

Imbalanced Data ◽

Bullwhip Effect ◽

Detection Methods ◽

Good Representation ◽

Operational Management

Background: Backorders are an accepted abnormality affecting accumulation alternation and logistics, sales, chump service, and manufacturing, which generally leads to low sales and low chump satisfaction. A predictive archetypal can analyse which articles are best acceptable to acquaintance backorders giving the alignment advice and time to adjust, thereby demography accomplishes to aerate their profit. Objective: To address the issue of predicting backorders, this paper has proposed an un-supervised approach to backorder prediction using Deep Autoencoder. Method: In this paper, artificial intelligence paradigms are researched in order to introduce a predictive model for the present unbalanced data issues, where the number of products going on backorder is rare. Result: Un-supervised anomaly detection using deep auto encoders has shown better Area under the Receiver Operating Characteristic and precision-recall curves than supervised classification techniques employed with resampling techniques for imbalanced data problems. Conclusion: We demonstrated that Un-supervised anomaly detection methods specifically deep auto-encoders can be used to learn a good representation of the data. The method can be used as predictive model for inventory management and help to reduce bullwhip effect, raise customer satisfaction as well as improve operational management in the organization. This technology is expected to create the sentient supply chain of the future – able to feel, perceive and react to situations at an extraordinarily granular level

Download Full-text

OutlierNets: Highly Compact Deep Autoencoder Network Architectures for On-Device Acoustic Anomaly Detection

Sensors ◽

10.3390/s21144805 ◽

2021 ◽

Vol 21 (14) ◽

pp. 4805

Author(s):

Saad Abbasi ◽

Mahmoud Famouri ◽

Mohammad Javad Shafiee ◽

Alexander Wong

Keyword(s):

Machine Learning ◽

Anomaly Detection ◽

Detection Methods ◽

Detection Accuracy ◽

Network Architectures ◽

Design Exploration ◽

Convolutional Autoencoder ◽

Acoustic Anomaly ◽

Human Operators ◽

Computational Resources

Human operators often diagnose industrial machinery via anomalous sounds. Given the new advances in the field of machine learning, automated acoustic anomaly detection can lead to reliable maintenance of machinery. However, deep learning-driven anomaly detection methods often require an extensive amount of computational resources prohibiting their deployment in factories. Here we explore a machine-driven design exploration strategy to create OutlierNets, a family of highly compact deep convolutional autoencoder network architectures featuring as few as 686 parameters, model sizes as small as 2.7 KB, and as low as 2.8 million FLOPs, with a detection accuracy matching or exceeding published architectures with as many as 4 million parameters. The architectures are deployed on an Intel Core i5 as well as a ARM Cortex A72 to assess performance on hardware that is likely to be used in industry. Experimental results on the model’s latency show that the OutlierNet architectures can achieve as much as 30x lower latency than published networks.

Download Full-text

A Survey on Object Detection, Annotation and Anomaly Detection Methods for Endoscopic Videos

2020 5th International Conference on Computing, Communication and Security (ICCCS) ◽

10.1109/icccs49678.2020.9277436 ◽

2020 ◽

Author(s):

Tejas Chheda ◽

Soumya Koppaka ◽

Rithvika Iyer ◽

Dhananjay Kalbande

Keyword(s):

Anomaly Detection ◽

Object Detection ◽

Detection Methods ◽

Endoscopic Videos

Download Full-text

A novel GPU based intrusion detection system using deep autoencoder with Fruitfly optimization

SN Applied Sciences ◽

10.1007/s42452-021-04579-4 ◽

2021 ◽

Vol 3 (6) ◽

Author(s):

R. Sekhar ◽

K. Sasirekha ◽

P. S. Raja ◽

K. Thangavel

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Missing Values ◽

Detection System ◽

Radial Basis Function Network ◽

Detection Methods ◽

Support Vector ◽

Parameter Method ◽

List Type ◽

Fuzzy C Means

Abstract Intrusion Detection Systems (IDSs) have received more attention to safeguarding the vital information in a network system of an organization. Generally, the hackers are easily entering into a secured network through loopholes and smart attacks. In such situation, predicting attacks from normal packets is tedious, much challenging, time consuming and highly technical. As a result, different algorithms with varying learning and training capacity have been explored in the literature. However, the existing Intrusion Detection methods could not meet the desired performance requirements. Hence, this work proposes a new Intrusion Detection technique using Deep Autoencoder with Fruitfly Optimization. Initially, missing values in the dataset have been imputed with the Fuzzy C-Means Rough Parameter (FCMRP) algorithm which handles the imprecision in datasets with the exploit of fuzzy and rough sets while preserving crucial information. Then, robust features are extracted from Autoencoder with multiple hidden layers. Finally, the obtained features are fed to Back Propagation Neural Network (BPN) to classify the attacks. Furthermore, the neurons in the hidden layers of Deep Autoencoder are optimized with population based Fruitfly Optimization algorithm. Experiments have been conducted on NSL_KDD and UNSW-NB15 dataset. The computational results of the proposed intrusion detection system using deep autoencoder with BPN are compared with Naive Bayes, Support Vector Machine (SVM), Radial Basis Function Network (RBFN), BPN, and Autoencoder with Softmax. Article Highlights A hybridized model using Deep Autoencoder with Fruitfly Optimization is introduced to classify the attacks. Missing values have been imputed with the Fuzzy C-Means Rough Parameter method. The discriminate features are extracted using Deep Autoencoder with more hidden layers.

Download Full-text

Intrusion Detection Methods Based on Integrated Deep Learning Model

Computers & Security ◽

10.1016/j.cose.2021.102177 ◽

2021 ◽

pp. 102177

Author(s):

ZHENDONG WANG ◽

YAODI LIU ◽

DAOJING HE ◽

SAMMY CHAN

Keyword(s):

Deep Learning ◽

Intrusion Detection ◽

Learning Model ◽

Detection Methods ◽

Deep Learning Model

Download Full-text

Edge Computing for Data Anomaly Detection of Multi-Sensors in Underground Mining

Electronics ◽

10.3390/electronics10030302 ◽

2021 ◽

Vol 10 (3) ◽

pp. 302

Author(s):

Chunde Liu ◽

Xianli Su ◽

Chuanwen Li

Keyword(s):

Energy Consumption ◽

Anomaly Detection ◽

Underground Mining ◽

Heterogeneous Data ◽

Edge Computing ◽

Sensor Nodes ◽

Detection Methods ◽

Detection Accuracy ◽

Clustering Methods ◽

Safety Warning

There is a growing interest in safety warning of underground mining due to the huge threat being faced by those working in underground mining. Data acquisition of sensors based on Internet of Things (IoT) is currently the main method, but the data anomaly detection and analysis of multi-sensors is a challenging task: firstly, the data that are collected by different sensors of underground mining are heterogeneous; secondly, real-time is required for the data anomaly detection of safety warning. Currently, there are many anomaly detection methods, such as traditional clustering methods K-means and C-means. Meanwhile, Artificial Intelligence (AI) is widely used in data analysis and prediction. However, K-means and C-means cannot directly process heterogeneous data, and AI algorithms require equipment with high computing and storage capabilities. IoT equipment of underground mining cannot perform complex calculation due to the limitation of energy consumption. Therefore, many existing methods cannot be directly used for IoT applications in underground mining. In this paper, a multi-sensors data anomaly detection method based on edge computing is proposed. Firstly, an edge computing model is designed, and according to the computing capabilities of different types of devices, anomaly detection tasks are migrated to different edge devices, which solve the problem of insufficient computing capabilities of the devices. Secondly, according to the requirements of different anomaly detection tasks, edge anomaly detection algorithms for sensor nodes and sink nodes are designed respectively. Lastly, an experimental platform is built for performance comparison analysis, and the experimental results show that the proposed algorithm has better performance in anomaly detection accuracy, delay, and energy consumption.

Download Full-text