Unexpected-Behavior Detection Using TopK Rankings for Cybersecurity

Anomaly-based intrusion detection systems use profiles to characterize expected behavior of network users. Most of these systems characterize the entire network traffic within a single profile. This work proposes a user-level anomaly-based intrusion detection methodology using only the user’s network traffic. The proposed profile is a collection of TopK rankings of reached services by the user. To detect unexpected behaviors, the real-time traffic is organized into TopK rankings and compared to the profile using similarity measures. The experiments demonstrated that the proposed methodology was capable of detecting a particular kind of malware attack in all the users tested.

Download Full-text

A System to automate the development of anomaly-based network intrusion detection model

Journal of Physics Conference Series ◽

10.1088/1742-6596/2089/1/012006 ◽

2021 ◽

Vol 2089 (1) ◽

pp. 012006

Author(s):

B Padmaja ◽

K Sai Sravan ◽

E Krishna Rao Patro ◽

G Chandra Sekhar

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Real Time ◽

Network Traffic ◽

Intrusion Detection Systems ◽

Network Intrusion Detection ◽

Support Vector ◽

The Internet ◽

Detection Systems ◽

Network Intrusion

Abstract Cyber security is the major concern in today’s world. Over the past couple of decades, the internet has grown to such an extent that almost every individual living on this planet has the access to the internet today. This can be viewed as one of the major achievements in the human race, but on the flip side of the coin, this gave rise to a lot of security issues for every individual or the company that is accessing the web through the internet. Hackers have become active and are always monitoring the networks to grab every possible opportunity to attack a system and make the best fortune out of its vulnerabilities. To safeguard people’s and organization’s privacy in this cyberspace, different network intrusion detection systems have been developed to detect the hacker’s presence in the networks. These systems fall under signature based and anomaly based intrusion detection systems. This paper deals with using anomaly based intrusion detection technique to develop an automation system to both train and test supervised machine learning models, which is developed to classify real time network traffic as to whether it is malicious or not. Currently the best models by considering both detection success rate and the false positives rate are Artificial Neural Networks(ANN) followed by Support Vector Machines(SVM). In this paper, it is verified that Artificial Neural Network (ANN) based machine learning with wrapper feature selection outperforms support vector machine (SVM) technique while classifying network traffic as harmful or harmless. Initially to evaluate the performance of the system, NSL-KDD dataset is used to train and test the SVM and ANN models and finally classify real time network traffic using these models. This system can be used to carry out model building automatically on the new datasets and also for classifying the behaviour of the provided dataset without having to code.

Download Full-text

A real-time risk assessment model for intrusion detection systems

2017 International Symposium on Networks, Computers and Communications (ISNCC) ◽

10.1109/isncc.2017.8071990 ◽

2017 ◽

Cited By ~ 2

Author(s):

El Mostapha Chakir ◽

Mohamed Moughit ◽

Youness Idrissi Khamlichi

Keyword(s):

Risk Assessment ◽

Intrusion Detection ◽

Real Time ◽

Assessment Model ◽

Intrusion Detection Systems ◽

Risk Assessment Model ◽

Detection Systems

Download Full-text

The Real Niche for Intrusion Detection Systems

Infotech@Aerospace ◽

10.2514/6.2005-7149 ◽

2005 ◽

Author(s):

Robert Reschly ◽

Anthony Pressley

Keyword(s):

Intrusion Detection ◽

Intrusion Detection Systems ◽

The Real ◽

Detection Systems

Download Full-text

A Real-Time Risk Assessment Model for Intrusion Detection Systems Using Pattern Matching

International Conference on Information Technology and Communication Systems - Advances in Intelligent Systems and Computing ◽

10.1007/978-3-319-64719-7_20 ◽

2017 ◽

pp. 229-237

Author(s):

El Mostapha Chakir ◽

Mohamed Moughit ◽

Youness Idrissi Khamlichi

Keyword(s):

Risk Assessment ◽

Intrusion Detection ◽

Real Time ◽

Pattern Matching ◽

Assessment Model ◽

Intrusion Detection Systems ◽

Risk Assessment Model ◽

Detection Systems

Download Full-text

Performance Adaptation in Real-Time Intrusion Detection Systems

Lecture Notes in Computer Science - Recent Advances in Intrusion Detection ◽

10.1007/3-540-36084-0_14 ◽

2002 ◽

pp. 252-273 ◽

Cited By ~ 31

Author(s):

Wenke Lee ◽

João B. D. Cabrera ◽

Ashley Thomas ◽

Niranjan Balwalli ◽

Sunmeet Saluja ◽

...

Keyword(s):

Intrusion Detection ◽

Real Time ◽

Intrusion Detection Systems ◽

Detection Systems ◽

Performance Adaptation

Download Full-text

A STUDY: NETWORK INTRUSION DETECTION SYSTEMS IN REAL TIME ENVIRONMENTS

Journal of Xidian University ◽

10.37896/jxu14.5/061 ◽

2020 ◽

Vol 14 (5) ◽

Keyword(s):

Intrusion Detection ◽

Real Time ◽

Intrusion Detection Systems ◽

Network Intrusion Detection ◽

Detection Systems ◽

Network Intrusion ◽

Network Intrusion Detection Systems

Download Full-text

Real time dataset generation framework for intrusion detection systems in IoT

Future Generation Computer Systems ◽

10.1016/j.future.2020.02.051 ◽

2020 ◽

Vol 108 ◽

pp. 414-423 ◽

Cited By ~ 6

Author(s):

Yahya Al-Hadhrami ◽

Farookh Khadeer Hussain

Keyword(s):

Intrusion Detection ◽

Real Time ◽

Intrusion Detection Systems ◽

Detection Systems

Download Full-text

Real-time malware detection framework in intrusion detection systems

Proceedings of the 2013 Research in Adaptive and Convergent Systems on - RACS '13 ◽

10.1145/2513228.2513297 ◽

2013 ◽

Author(s):

SunWoo Kim ◽

TaeGuen Kim ◽

Eul Gyu Im

Keyword(s):

Intrusion Detection ◽

Real Time ◽

Malware Detection ◽

Intrusion Detection Systems ◽

Detection Systems

Download Full-text

RBF-based real-time hierarchical intrusion detection systems

Proceedings of the International Joint Conference on Neural Networks, 2003. ◽

10.1109/ijcnn.2003.1223922 ◽

2004 ◽

Cited By ~ 8

Author(s):

Ju Jiang ◽

Chunlin Zhang ◽

M. Kamel

Keyword(s):

Intrusion Detection ◽

Real Time ◽

Intrusion Detection Systems ◽

Detection Systems

Download Full-text

Abnormal File Access Behavior Detection Based on FPD: An Unsupervised Approach

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.713-715.2212 ◽

2015 ◽

Vol 713-715 ◽

pp. 2212-2216 ◽

Cited By ~ 1

Author(s):

Xiao Bin Wang ◽

Yong Jun Wang ◽

Yong Lin Sun

Keyword(s):

Information Security ◽

Intrusion Detection ◽

Training Data ◽

Intrusion Detection Systems ◽

Behavior Detection ◽

Detection Systems ◽

File Access ◽

Information File ◽

Unsupervised Approach ◽

Modern Information

Information security is a great challenge for organizations in our modern information world. Existing security facilities like Firewalls, Intrusion Detection Systems and Antivirus are not enough to guarantee the security of information. File is an important carrier of information, which is the intent of quite a number of attackers. In this paper, we extend the FPD-based approach for detecting abnormal file access behaviors. We propose 3 approaches to calculate FPD values in the case of lacking training data, and we apply a k-means based unsupervised approach to distinguish between normal processes and abnormal ones. Experiment demonstrate that our unsupervised approach is still effective compared to the supervised case with training data.

Download Full-text