Intelligent Techniques for Detecting Network Attacks: Review and Research Directions

Sensors ◽  
2021 ◽  
Vol 21 (21) ◽  
pp. 7070
Author(s):  
Malak Aljabri ◽  
Sumayh S. Aljameel ◽  
Rami Mustafa A. Mohammad ◽  
Sultan H. Almotiri ◽  
Samiha Mirza ◽  
...  

The significant growth in the use of the Internet and the rapid development of network technologies are associated with an increased risk of network attacks. Network attacks refer to all types of unauthorized access to a network including any attempts to damage and disrupt the network, often leading to serious consequences. Network attack detection is an active area of research in the community of cybersecurity. In the literature, there are various descriptions of network attack detection systems involving various intelligent-based techniques including machine learning (ML) and deep learning (DL) models. However, although such techniques have proved useful within specific domains, no technique has proved useful in mitigating all kinds of network attacks. This is because some intelligent-based approaches lack essential capabilities that render them reliable systems that are able to confront different types of network attacks. This was the main motivation behind this research, which evaluates contemporary intelligent-based research directions to address the gap that still exists in the field. The main components of any intelligent-based system are the training datasets, the algorithms, and the evaluation metrics; these were the main benchmark criteria used to assess the intelligent-based systems included in this research article. This research provides a rich source of references for scholars seeking to determine their scope of research in this field. Furthermore, although the paper does present a set of suggestions about future inductive directions, it leaves the reader free to derive additional insights about how to develop intelligent-based systems to counter current and future network attacks.

2017 ◽  
Vol 9 (1) ◽  
pp. 17-38 ◽  
Author(s):  
Abdulghani Ali Ahmed

Sensitive information faces critical risks when transmitted through computer networks. Existing protection systems still have limitations in treating network information with sufficient confidentiality, integrity, and availability. The rapid development of network technologies helps increase network attacks and hides their malicious intentions. Attack intention is the ultimate attack goal that the attacker attempts to achieve by executing various intrusion methods or techniques. Recognizing attack intentions helps security administrators develop effective protection systems that can detect network attacks that have similar intentions. This paper analyses attack types and classifies them according to their malicious intent. An investigation approach based on a similarity metric is proposed to recognize attacker plans and predict their intentions. The obtained results demonstrate that the proposed approach is capable of investigating the similarity of attack signatures and recognizing the intentions of network attacks.


2022 ◽  
Vol 2 (14) ◽  
pp. 45-54
Author(s):  
Nguyen Huy Trung ◽  
Le Hai Viet ◽  
Tran Duc Thang

Abstract—Nowadays, many signature-based intrusion detection systems have been deployed and are widely used. These systems are capable of detecting known attacks with low false alarm rates, fast detection times, and low system resource requirements. However, these systems are less effective against new attacks that are not included in the ruleset. In addition, recent studies provide a new approach to the problem of detecting unknown types of network attacks based on machine learning and deep learning. However, this new approach requires a lot of resources and processing time and has a high false alarm rate. Therefore, it is necessary to find a solution that combines the advantages of the two approaches above for the problem of detecting network attacks. In this paper, the authors present a method to automatically generate network attack detection rules for the IDS based on the results of training machine learning models. Through testing, the authors prove that the system that automatically generates network attack detection rules for the IDS based on machine learning meets the requirements of increasing the ability to detect new types of attacks and ensures automatic, effective updates of new signs of network attacks. Summary—Nowadays, many signature-based intrusion detection systems have been deployed and are widely used. These systems can detect known attacks with low false alarm rates, fast detection times and low system resource requirements. However, these systems are less effective against new attacks that are not in the ruleset. Recent studies provide a new approach to the problem of detecting new types of network attacks based on machine learning and deep learning. However, this approach requires a lot of resources and processing time. Therefore, it is necessary to find a solution that combines the advantages of the two approaches above for the problem of network attack detection.
In this paper, the authors present a method for automatically generating network attack detection rules for intrusion detection systems based on the results of training machine learning models. Through testing, the authors demonstrate that this method meets the requirements of increasing the ability to accurately detect new types of attacks and ensures that new network attack signatures are automatically and effectively updated into the ruleset.


2020 ◽  
Vol 1 (9) ◽  
pp. 45-58
Author(s):  
Valerii Lakhno ◽  
Borys Husiev ◽  
Andrii Blozva ◽  
Dmytro Kasatkin ◽  
Tetiana Osypova

The paper proposes an algorithm with self-learning elements for intrusion detection systems, as well as an improved technique for clustering the data recorded by the system concerning information security events. The proposed approaches differ from known ones in using an entropy approach that allows data to be presented as homogeneous groups; moreover, each such group (or cluster) may correspond to predetermined parameters. The proposed solutions relate to the possibilities of assessing dynamic dependencies between the clusters characterizing the analysed classes of intrusions. The studies have found that when new signs of information security events appear, the corresponding scale changes and describes the distances between clusters. A computational experiment was conducted to verify the operability and adequacy of the proposed solutions. During the computational experiment, it was found that step-by-step calculation of the parameters of informative characteristics of network attacks allows forming sufficiently informative cluster structures of data with characteristic attributes. These attributes further become the basis for the knowledge base of intelligent network attack detection systems. Dynamic dependencies between clusters are calculated, allowing a sufficiently accurate definition of the many information security events that can become the source data for further automatic assessment of the extent of current threats detected by attack detection systems. The methodology and algorithm presented in the paper for clustering the signs of network attacks are, in our opinion, simpler for software implementation than existing analogues.


2021 ◽  
pp. 1-30
Author(s):  
Qingtian Zou ◽  
Anoop Singhal ◽  
Xiaoyan Sun ◽  
Peng Liu

Network attacks have become a major security concern for organizations worldwide. A category of network attacks that exploit the logic (security) flaws of a few widely-deployed authentication protocols has been commonly observed in recent years. Such logic-flaw-exploiting network attacks often do not have distinguishing signatures, and can thus easily evade the typical signature-based network intrusion detection systems. Recently, researchers have applied neural networks to detect network attacks with network logs. However, public network data sets have major drawbacks such as limited data sample variations and unbalanced data with respect to malicious and benign samples. In this paper, we present a new end-to-end approach based on protocol fuzzing to automatically generate high-quality network data, on which deep learning models can be trained for network attack detection. Our findings show that protocol fuzzing can generate data samples that cover real-world data, and deep learning models trained with fuzzed data can successfully detect the logic-flaw-exploiting network attacks.


Sensors ◽  
2020 ◽  
Vol 20 (16) ◽  
pp. 4372 ◽  
Author(s):  
Yan Naung Soe ◽  
Yaokai Feng ◽  
Paulus Insap Santosa ◽  
Rudy Hartanto ◽  
Kouichi Sakurai

With the rapid development and popularization of Internet of Things (IoT) devices, an increasing number of cyber-attacks are targeting such devices. It has been reported that most of the attacks in IoT environments are botnet-based attacks. Many security weaknesses still exist on IoT devices because most of them do not have enough memory and computational resources for robust security mechanisms. Moreover, many existing rule-based detection systems can be circumvented by attackers. In this study, we propose a machine learning (ML)-based botnet attack detection framework with a sequential detection architecture. An efficient feature selection approach is adopted to implement a lightweight detection system with high performance. The overall detection performance achieves around 99% for botnet attack detection using three different ML algorithms, including artificial neural network (ANN), J48 decision tree, and Naïve Bayes. The experimental results indicate that the proposed architecture can effectively detect botnet-based attacks, and can also be extended with corresponding sub-engines for new kinds of attacks.


2020 ◽  
Vol 2 (10) ◽  
pp. 169-183
Author(s):  
Serhii Tolіupa ◽  
Oleksandr Pliushch ◽  
Ivan Parkhomenko

Systems for detecting network intrusions and detecting signs of attacks on information systems have long been used as one of the necessary lines of defense of information systems. Today, intrusion and attack detection systems are usually software or hardware-software solutions that automate the process of monitoring events occurring in an information system or network, and also independently analyze these events in search of signs of security problems. As the number of different types and ways of organizing unauthorized intrusions into foreign networks has increased significantly in recent years, attack detection systems (ATS) have become a necessary component of the security infrastructure of most organizations. The article proposes a software prototype of a network attack detection system based on selected methods of data mining and neural network structures. The experimental research conducted confirms the efficiency of the created detection model for the protection of an information network. Experiments with a software prototype showed high-quality detection of network attacks based on neural network structures and methods of intelligent data distribution. The state of protection of information systems against cyber attacks is analyzed, which made it possible to conclude that, to ensure the security of cyberspace, it is necessary to implement a set of systems and protection mechanisms, namely systems for: delimitation of user access; firewall; cryptographic protection of information; virtual private networks; anti-virus protection of ITS elements; detection and prevention of intrusions; authentication, authorization and audit; data loss prevention; security and event management; security management.


Author(s):  
S. Toliupa ◽  
O. Pliushch ◽  
I. Parhomenko

The article proposes a combinatorial construction of a network attack detection system based on selected methods of data mining and conducts experimental research that confirms the effectiveness of the created detection model for protecting a distributed information network. Experiments with a software prototype showed high-quality detection of network attacks and proved the correctness of the choice of data mining methods and the applicability of the developed techniques. The state of security of information and telecommunication systems against cyberattacks is analyzed, which allowed the conclusion that, to ensure the security of cyberspace, it is necessary to implement a set of systems and protection mechanisms, namely systems for: delimitation of user access; firewall; cryptographic protection of information; virtual private networks; anti-virus protection of ITS elements; detection and prevention of intrusions; authentication, authorization and audit; data loss prevention; security and event management; security management. An analysis of publications by domestic and foreign experts is presented, which summarizes: experience in building attack detection systems, their disadvantages and advantages; and attack and intrusion detection systems based on the use of intelligent systems. Based on the results of the review, proposals were formed on the construction of network attack detection systems on the basis of selected methods of data mining and on experimental research, which confirms the effectiveness of the created detection model for the protection of the distributed information network.
