scholarly journals Intelligent Cyber-Attack Detection and Classification for Network-based Intrusion Detection Systems

2020 ◽  
Author(s):  
Nuno Oliveira ◽  
Isabel Praça ◽  
Eva Maia ◽  
Orlando Sousa
Keyword(s):  
Intrusion Detection ◽  
Anomaly Detection ◽  
Information And Communication Technologies ◽  
Network Traffic ◽  
Short Term Memory ◽  
Attack Detection ◽  
Intrusion Detection Systems ◽  
Machine Learning Techniques ◽  
Cyber Attack ◽  
Detection Systems

With the latest advances in information and communication technologies, greater amounts of sensitive user and corporate information are constantly shared across the network making it susceptible to an attack that can compromise data confidentiality, integrity and availability. Intrusion Detection Systems (IDS) are important security mechanisms that can perform a timely detection of malicious events through the inspection of network traffic or host-based logs. Throughout the years, many machine learning techniques have proven to be successful at conducting anomaly detection but only a few considered the sequential nature of data. This work proposes a sequential approach and evaluates the performance of a Random Forest (RF), a Multi-Layer Perceptron (MLP) and a Long-Short Term Memory (LSTM) on the CIDDS-001 dataset. The resulting performance measures of this particular approach are compared with the ones obtained from a more traditional one, that only considers individual flow information, in order to determine which methodology best suits the concerned scenario. The experimental outcomes lead to believe that anomaly detection can be better addressed from a sequential perspective and that the LSTM is a very reliable model for acquiring sequential patterns in network traffic data, achieving an accuracy of 99.94% and a f1-score of 91.66%.

scholarly journals Intelligent Cyber Attack Detection and Classification for Network-Based Intrusion Detection Systems

2021 ◽  
Vol 11 (4) ◽  
pp. 1674
Author(s):  
Nuno Oliveira ◽  
Isabel Praça ◽  
Eva Maia ◽  
Orlando Sousa
Keyword(s):  
Intrusion Detection ◽  
Anomaly Detection ◽  
Information And Communication Technologies ◽  
Network Traffic ◽  
Short Term Memory ◽  
Attack Detection ◽  
Intrusion Detection Systems ◽  
Machine Learning Techniques ◽  
Cyber Attack ◽  
Detection Systems

With the latest advances in information and communication technologies, greater amounts of sensitive user and corporate information are shared continuously across the network, making it susceptible to an attack that can compromise data confidentiality, integrity, and availability. Intrusion Detection Systems (IDS) are important security mechanisms that can perform the timely detection of malicious events through the inspection of network traffic or host-based logs. Many machine learning techniques have proven to be successful at conducting anomaly detection throughout the years, but only a few considered the sequential nature of data. This work proposes a sequential approach and evaluates the performance of a Random Forest (RF), a Multi-Layer Perceptron (MLP), and a Long-Short Term Memory (LSTM) on the CIDDS-001 dataset. The resulting performance measures of this particular approach are compared with the ones obtained from a more traditional one, which only considers individual flow information, in order to determine which methodology best suits the concerned scenario. The experimental outcomes suggest that anomaly detection can be better addressed from a sequential perspective. The LSTM is a highly reliable model for acquiring sequential patterns in network traffic data, achieving an accuracy of 99.94% and an f1-score of 91.66%.

Techniques to Model and Derive a Cyber-Attacker’s Intelligence

2013 ◽  
pp. 162-180 ◽  
Author(s):  
Peter J. Hawrylak ◽  
Chris Hartney ◽  
Michael Haney ◽  
Jonathan Hamm ◽  
John Hale
Keyword(s):  
Intrusion Detection ◽  
Attack Detection ◽  
Cyber Attacks ◽  
Intrusion Detection Systems ◽  
Cyber Attack ◽  
Computationally Efficient ◽  
Attack Graph ◽  
Detection Systems ◽  
Specialized Hardware ◽  
Time Required

Identifying the level of intelligence of a cyber-attacker is critical to detecting cyber-attacks and determining the next targets or steps of the adversary. This chapter explores intrusion detection systems (IDSs) which are the traditional tool for cyber-attack detection, and attack graphs which are a formalism used to model cyber-attacks. The time required to detect an attack can be reduced by classifying the attacker’s knowledge about the system to determine the traces or signatures for the IDS to look for in the audit logs. The adversary’s knowledge of the system can then be used to identify their most likely next steps from the attack graph. A computationally efficient technique to compute the likelihood and impact of each step of an attack is presented. The chapter concludes with a discussion describing the next steps for implementation of these processes in specialized hardware to achieve real-time attack detection.

scholarly journals Detection of Cyber Attack in Networks using Machine Learning Techniques

2021 ◽  
Vol 9 (VII) ◽  
pp. 2401-2404
Author(s):  
Meghana M
Keyword(s):  
Machine Learning ◽  
Information Security ◽  
Intrusion Detection ◽  
Denial Of Service ◽  
Intrusion Detection Systems ◽  
Machine Learning Techniques ◽  
Brute Force ◽  
Cyber Attack ◽  
Detection Systems ◽  
Learning Techniques

The use of recent innovations provides unimaginable blessings to individuals, organizations, and governments, be that because it might, messes some up against them. for example, the protection of serious information, security of place away data stages, accessibility of knowledge so forth. Digital concern, that created an excellent deal of problems individuals and institutions, has received A level that might undermine open and nation security by totally different gatherings, as an example, criminal association, good individuals and digital activists. the foremost common risk to a network’s security is an intrusion like brute force, denial of service or maybe an infiltration from inside a network. this can be wherever machine learning comes into play. Intrusion Detection Systems (IDS) has been created to take care of a strategic distance from digital assaults.

scholarly journals Extending Isolation Forest for Anomaly Detection in Big Data via K-Means

2021 ◽  
Vol 5 (4) ◽  
pp. 1-26
Author(s):  
Md Tahmid Rahman Laskar ◽  
Jimmy Xiangji Huang ◽  
Vladan Smetana ◽  
Chris Stewart ◽  
Kees Pouw ◽  
...  
Keyword(s):  
Big Data ◽  
Intrusion Detection ◽  
Anomaly Detection ◽  
Computer Networks ◽  
Network Traffic ◽  
Intrusion Detection Systems ◽  
Traffic Data ◽  
Detection Systems ◽  
Proposed Model ◽  
Isolation Forest

Industrial Information Technology infrastructures are often vulnerable to cyberattacks. To ensure security to the computer systems in an industrial environment, it is required to build effective intrusion detection systems to monitor the cyber-physical systems (e.g., computer networks) in the industry for malicious activities. This article aims to build such intrusion detection systems to protect the computer networks from cyberattacks. More specifically, we propose a novel unsupervised machine learning approach that combines the K-Means algorithm with the Isolation Forest for anomaly detection in industrial big data scenarios. Since our objective is to build the intrusion detection system for the big data scenario in the industrial domain, we utilize the Apache Spark framework to implement our proposed model that was trained in large network traffic data (about 123 million instances of network traffic) stored in Elasticsearch. Moreover, we evaluate our proposed model on the live streaming data and find that our proposed system can be used for real-time anomaly detection in the industrial setup. In addition, we address different challenges that we face while training our model on large datasets and explicitly describe how these issues were resolved. Based on our empirical evaluation in different use cases for anomaly detection in real-world network traffic data, we observe that our proposed system is effective to detect anomalies in big data scenarios. Finally, we evaluate our proposed model on several academic datasets to compare with other models and find that it provides comparable performance with other state-of-the-art approaches.

Sign in / Sign up

Export Citation Format

Share Document