Reduction of the Number of Analyzed Parameters in Network Attack Detection Systems

2020 ◽  
Vol 54 (8) ◽  
pp. 907-914
Author(s):  
E. A. Popova ◽  
V. V. Platonov
Keyword(s):  
Attack Detection ◽  
Network Attack ◽  
Detection Systems

scholarly journals CONSTRUCTION OF ATTACK DETECTION SYSTEMS IN INFORMATION NETWORKS ON NEURAL NETWORK STRUCTURES

2020 ◽  
Vol 2 (10) ◽  
pp. 169-183
Author(s):  
Serhii Tolіupa ◽  
Oleksandr Pliushch ◽  
Ivan Parkhomenko
Keyword(s):  
Neural Network ◽  
Information Systems ◽  
Detection System ◽  
Attack Detection ◽  
Cyber Attacks ◽  
Network Structures ◽  
Network Attack ◽  
Detection Systems ◽  
Protection Mechanisms ◽  
Software Prototype

Systems for detecting network intrusions and detecting signs of attacks on information systems have long been used as one of the necessary lines of defense of information systems. Today, intrusion and attack detection systems are usually software or hardware-software solutions that automate the process of monitoring events occurring in an information system or network, as well as independently analyze these events in search of signs of security problems. As the number of different types and ways of organizing unauthorized intrusions into foreign networks has increased significantly in recent years, attack detection systems (ATS) have become a necessary component of the security infrastructure of most organizations. The article proposes a software prototype of a network attack detection system based on selected methods of data mining and neural network structures. The conducted experimental researches confirm efficiency of the created model of detection for protection of an information network. Experiments with a software prototype showed high quality detection of network attacks based on neural network structures and methods of intelligent data distribution. The state of protection of information systems to counter cyber attacks is analyzed, which made it possible to draw conclusions that to ensure the security of cyberspace it is necessary to implement a set of systems and protection mechanisms, namely systems: delimitation of user access; firewall; cryptographic protection of information; virtual private networks; anti-virus protection of ITS elements; detection and prevention of intrusions; authentication, authorization and audit; data loss prevention; security and event management; security management.

scholarly journals CONSTRUCTION OF SYSTEMS OF DETECTION OF INVASIONS INTO THE INFORMATI TON AND TELECOMMUNICATIONS NETWORK ON THE BASIS OF METHODS OF INTELLECTUAL DISTRIBUTION OF DATA

2020 ◽  
pp. 80-89
Author(s):  
S. Toliupa ◽  
O. Pliushch ◽  
I. Parhomenko
Keyword(s):  
Data Mining ◽  
Experimental Research ◽  
Intelligent Systems ◽  
Detection System ◽  
Attack Detection ◽  
Information Network ◽  
Distributed Information ◽  
Network Attack ◽  
Detection Model ◽  
Detection Systems

The article proposes a combinatorial construction of a network attack detection system based on selected methods of data mining and conducts experimental research that confirms the effectiveness of the created detection model to protect the distributed information network. Experiments with a software prototype showed the high quality of detection of network attacks and proved the correctness of the choice of methods of data mining and the applicability of the developed techniques. The state of security of information and telecommunication systems against cyberattacks is analyzed, which allowed to draw conclusions that to ensure the security of cyberspace it is necessary to implement a set of systems and protection mechanisms, namely systems: delimitation of user access; firewall; cryptographic protection of information; virtual private networks; anti-virus protection of ITS elements; detection and prevention of intrusions; authentication, authorization and audit; data loss prevention; security and event management; security management. An analysis of publications of domestic and foreign experts, which summarizes: experience in building attack detection systems, their disadvantages and advantages; of attack and intrusion detection systems based on the use of intelligent systems. Based on the results of the review, proposals were formed on: construction of network attack detection systems on the basis of selected methods of data mining and experimental research, which confirms the effectiveness of the created detection model for the protection of the distributed information network.

scholarly journals Intelligent Techniques for Detecting Network Attacks: Review and Research Directions

Sensors ◽  
2021 ◽  
Vol 21 (21) ◽  
pp. 7070
Author(s):  
Malak Aljabri ◽  
Sumayh S. Aljameel ◽  
Rami Mustafa A. Mohammad ◽  
Sultan H. Almotiri ◽  
Samiha Mirza ◽  
...  
Keyword(s):  
Rapid Development ◽  
Attack Detection ◽  
Network Attacks ◽  
Research Directions ◽  
Network Attack ◽  
Detection Systems ◽  
Increased Risk ◽  
Use Of The Internet ◽  
Main Components ◽  
Network Technologies

The significant growth in the use of the Internet and the rapid development of network technologies are associated with an increased risk of network attacks. Network attacks refer to all types of unauthorized access to a network including any attempts to damage and disrupt the network, often leading to serious consequences. Network attack detection is an active area of research in the community of cybersecurity. In the literature, there are various descriptions of network attack detection systems involving various intelligent-based techniques including machine learning (ML) and deep learning (DL) models. However, although such techniques have proved useful within specific domains, no technique has proved useful in mitigating all kinds of network attacks. This is because some intelligent-based approaches lack essential capabilities that render them reliable systems that are able to confront different types of network attacks. This was the main motivation behind this research, which evaluates contemporary intelligent-based research directions to address the gap that still exists in the field. The main components of any intelligent-based system are the training datasets, the algorithms, and the evaluation metrics; these were the main benchmark criteria used to assess the intelligent-based systems included in this research article. This research provides a rich source of references for scholars seeking to determine their scope of research in this field. Furthermore, although the paper does present a set of suggestions about future inductive directions, it leaves the reader free to derive additional insights about how to develop intelligent-based systems to counter current and future network attacks.

scholarly journals Research and development automatically generate detection rules for IDS based on machine learning technology

2022 ◽  
Vol 2 (14) ◽  
pp. 45-54
Author(s):  
Nguyen Huy Trung ◽  
Le Hai Viet ◽  
Tran Duc Thang
Keyword(s):  
Machine Learning ◽  
False Alarm ◽  
Attack Detection ◽  
Learning Technology ◽  
Network Attacks ◽  
New Approach ◽  
Network Attack ◽  
Detection Systems ◽  
Resource Requirements ◽  
System Resource

Abstract—Nowadays, there have been many signature-based intrusion detection systems deployed and widely used. These systems are capable of detecting known attacks with low false alarm rates, fast detection times, and little system resource requirements. However, these systems are less effective against new attacks that are not included in the ruleset. In addition, recent studies provide a new approach to the problem of detecting unknown types of network attacks based on machine learning and deep learning. However, this new approach requires a lot of resources, processing time and has a high false alarm rate. Therefore, it is necessary to find a solution that combines the advantages of the two approaches above in the problem of detecting network attacks. In this paper, the authors present a method to automatically generate network attack detection rules for the IDS system based on the results of training machine learning models. Through testing, the author proves that the system that automatically generates network attack detection rules for IDS based on machine learning meets the requirements of increasing the ability to detect new types of attacks, ensuring automatic effective updates of new signs of network attacks. Tóm tắt—Ngày nay, đã có nhiều hệ thống phát hiện xâm nhập dựa trên chữ ký được triển khai và sử dụng rộng rãi. Các hệ thống này có khả năng phát hiện các cuộc tấn công đã biết với tỷ lệ báo động giả thấp, thời gian phát hiện nhanh và yêu cầu ít tài nguyên hệ thống. Tuy nhiên, các hệ thống này kém hiệu quả khi chống lại các cuộc tấn công mới không có trong tập luật. Các nghiên cứu gần đây cung cấp một cách tiếp cận mới cho vấn đề phát hiện các kiểu tấn công mạng mới dựa trên học máy và học sâu. Tuy nhiên, cách tiếp cận này đòi hỏi nhiều tài nguyên, thời gian xử lý. Vì vậy, cần tìm ra giải pháp kết hợp ưu điểm của hai cách tiếp cận trên trong bài toán phát hiện tấn công mạng. Trong bài báo này, nhóm tác giả trình bày phương pháp tự động sinh luật phát hiện tấn công mạng cho hệ thống phát hiện xâm nhập dựa trên kết quả huấn luyện mô hình học máy. Qua thử nghiệm, tác giả chứng minh rằng phương pháp này đáp ứng yêu cầu tăng khả năng phát hiện chính xác các kiểu tấn công mới, đảm bảo tự động cập nhật hiệu quả các dấu hiệu tấn công mạng mới vào tập luật.

scholarly journals Towards a Reliable Comparison and Evaluation of Network Intrusion Detection Systems Based on Machine Learning Approaches

2020 ◽  
Vol 10 (5) ◽  
pp. 1775 ◽  
Author(s):  
Roberto Magán-Carrión ◽  
Daniel Urda ◽  
Ignacio Díaz-Cano ◽  
Bernabé Dorronsoro
Keyword(s):  
Machine Learning ◽  
Intrusion Detection ◽  
Attack Detection ◽  
Intrusion Detection Systems ◽  
Network Intrusion Detection ◽  
Learning Approaches ◽  
Network Attack ◽  
Detection Systems ◽  
Network Intrusion ◽  
Network Intrusion Detection Systems

Presently, we are living in a hyper-connected world where millions of heterogeneous devices are continuously sharing information in different application contexts for wellness, improving communications, digital businesses, etc. However, the bigger the number of devices and connections are, the higher the risk of security threats in this scenario. To counteract against malicious behaviours and preserve essential security services, Network Intrusion Detection Systems (NIDSs) are the most widely used defence line in communications networks. Nevertheless, there is no standard methodology to evaluate and fairly compare NIDSs. Most of the proposals elude mentioning crucial steps regarding NIDSs validation that make their comparison hard or even impossible. This work firstly includes a comprehensive study of recent NIDSs based on machine learning approaches, concluding that almost all of them do not accomplish with what authors of this paper consider mandatory steps for a reliable comparison and evaluation of NIDSs. Secondly, a structured methodology is proposed and assessed on the UGR’16 dataset to test its suitability for addressing network attack detection problems. The guideline and steps recommended will definitively help the research community to fairly assess NIDSs, although the definitive framework is not a trivial task and, therefore, some extra effort should still be made to improve its understandability and usability further.

scholarly journals CLUSTERING NETWORK ATTACK FEATURES IN INFORMATION SECURITY ANALYSIS TASKS

2020 ◽  
Vol 1 (9) ◽  
pp. 45-58
Author(s):  
Valerii Lakhno ◽  
Borys Husiev ◽  
Andrii Blozva ◽  
Dmytro Kasatkin ◽  
Tetiana Osypova
Keyword(s):  
Information Security ◽  
Computational Experiment ◽  
Security Analysis ◽  
Attack Detection ◽  
Intelligent Network ◽  
Automatic Assessment ◽  
Network Attacks ◽  
Homogeneous Groups ◽  
Network Attack ◽  
Detection Systems

The paper proposes an algorithm with self-learning elements for intrusion detection systems, as well as an improved clustering technique which is recorded by the data system concerning information security events. The proposed approaches differ from those known using an entropy approach allowing data to be presented as homogeneous groups, moreover, each such group (or cluster) may correspond to predetermined parameters. The proposed solutions relate to the possibilities of assessing dynamic dependencies between clusters characterizing the analysed classes of invasions. The studies have found that in case of manifestation of new signs of information security events, the corresponding scale changes and describes the distances between clusters. A computational experiment was conducted to verify the operability and adequacy of the proposed solutions. During the computational experiment, it has been found that step-by-step calculation of parameters of informative characteristics of network attacks allows to form sufficiently informative cluster structures of data having characteristic attributes. These attributes further become the basis for the knowledge base of intelligent network attack detection systems. Dynamic dependencies between clusters are calculated allowing for a sufficiently accurate definition of the many information security events that can become the source data for further automatic assessment of current threats extent detected by attack detection systems. The methodology and algorithm presented in the paper for clustering the signs of network attacks, in our opinion it is simpler for software implementation than existing analogues.

scholarly journals Standalone Behaviour-Based Attack Detection Techniques for Distributed Software Systems via Blockchain

2021 ◽  
Vol 11 (12) ◽  
pp. 5685
Author(s):  
Hosam Aljihani ◽  
Fathy Eassa ◽  
Khalid Almarhabi ◽  
Abdullah Algarni ◽  
Abdulaziz Attaallah
Keyword(s):  
Attack Detection ◽  
Detection Methods ◽  
Software Systems ◽  
Distributed Software ◽  
Detection Techniques ◽  
Detection Systems ◽  
Novel Approach ◽  
Validation Experiment ◽  
Critical Issues ◽  
Concrete Solution

With the rapid increase of cyberattacks that presently affect distributed software systems, cyberattacks and their consequences have become critical issues and have attracted the interest of research communities and companies to address them. Therefore, developing and improving attack detection techniques are prominent methods to defend against cyberattacks. One of the promising attack detection methods is behaviour-based attack detection methods. Practically, attack detection techniques are widely applied in distributed software systems that utilise network environments. However, there are some other challenges facing attack detection techniques, such as the immutability and reliability of the detection systems. These challenges can be overcome with promising technologies such as blockchain. Blockchain offers a concrete solution for ensuring data integrity against unauthorised modification. Hence, it improves the immutability for detection systems’ data and thus the reliability for the target systems. In this paper, we propose a design for standalone behaviour-based attack detection techniques that utilise blockchain’s functionalities to overcome the above-mentioned challenges. Additionally, we provide a validation experiment to prove our proposal in term of achieving its objectives. We argue that our proposal introduces a novel approach to develop and improve behaviour-based attack detection techniques to become more reliable for distributed software systems.

Sign in / Sign up

Export Citation Format

Share Document