Unexpected-Behavior Detection Using TopK Rankings for Cybersecurity
Anomaly-based intrusion detection systems use profiles to characterize expected behavior of network users. Most of these systems characterize the entire network traffic within a single profile. This work proposes a user-level anomaly-based intrusion detection methodology using only the user’s network traffic. The proposed profile is a collection of TopK rankings of reached services by the user. To detect unexpected behaviors, the real-time traffic is organized into TopK rankings and compared to the profile using similarity measures. The experiments demonstrated that the proposed methodology was capable of detecting a particular kind of malware attack in all the users tested.