Detecting Application-Layer Attacks Based on Hidden Semi-Markov Models

2014 ◽  
Vol 631-632 ◽  
pp. 923-927
Author(s):  
Bai Lin Xie ◽  
Qian Sheng Zhang

This paper presents an application-layer attack detection method based on hidden semi-Markov models. In this method, the keywords of an application-layer protocol and their inter-arrival times are used as the observations, and a hidden semi-Markov model is used to describe the application-layer behaviors of a normal user of that protocol. The method is also based on anomaly detection; in theory, application-layer anomaly detection can identify known, unknown and novel attacks at the application layer. The experimental results show that this method can identify several application-layer attacks with high detection accuracy and a low false positive ratio.

2013 ◽  
Vol 411-414 ◽  
pp. 607-612
Author(s):  
Bai Lin Xie ◽  
Sheng Yi Jiang

This paper presents an application-layer attack detection method based on the user's application-layer behaviors. In this method, the keywords of an application-layer protocol and their inter-arrival times are used as the observations, and a hidden semi-Markov model is used to describe the application-layer behaviors of a normal user of that protocol. The method is also based on anomaly detection; in theory, application-layer anomaly detection can identify known, unknown and novel attacks at the application layer. The experimental results show that this method can identify several application-layer attacks with high detection accuracy and a low false positive ratio.
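The two abstracts above share one idea: protocol keywords and their inter-arrival times form the observation sequence, and a model of a normal user's sequence is used to flag sessions that fit it badly. The following is an added illustration, not the authors' code or their full hidden semi-Markov model. It collapses the hidden states onto the observed HTTP methods, which leaves an explicit-duration Markov chain: keyword transition probabilities plus a log-normal inter-arrival model per keyword. The sessions, the 1.5-nat alarm margin and the 0.25 sigma floor are constructed assumptions for the example.

```python
"""Semi-Markov profile of a protocol's keyword sequence for anomaly detection.

Added illustration, not the authors' hidden semi-Markov model: the hidden
states of an HSMM are collapsed onto the observed protocol keywords, leaving
an explicit-duration Markov chain (keyword transition probabilities plus a
log-normal inter-arrival model per keyword). All sessions below are
constructed for the example, not captured traffic.
"""
import math
from collections import Counter, defaultdict

# Constructed HTTP sessions of a normal user, one request per line:
# "<seconds since session start> <METHOD> <path>". METHOD is the keyword.
NORMAL_SESSIONS = [
    "0.0 GET /\n2.0 GET /login\n5.0 POST /login\n7.0 GET /home\n12.0 GET /profile\n18.0 GET /logout",
    "0.0 GET /\n3.0 GET /login\n8.0 POST /login\n10.0 GET /home\n14.0 GET /profile\n20.0 GET /logout",
    "0.0 GET /\n2.5 GET /login\n6.0 POST /login\n9.0 GET /home\n13.0 GET /cart\n17.0 POST /cart\n19.0 GET /home",
    "0.0 GET /\n4.0 GET /products\n7.0 GET /products/1\n12.0 POST /cart\n15.0 GET /cart\n22.0 GET /logout",
]
HELD_OUT_NORMAL = "0.0 GET /\n2.2 GET /login\n6.1 POST /login\n8.0 GET /home\n13.5 GET /profile\n19.0 GET /logout"
# Constructed credential-stuffing burst: 20 POSTs to /login at 50 ms spacing.
ATTACK_SESSION = "\n".join(f"{i * 0.05:.2f} POST /login" for i in range(20))


def parse_session(text):
    """Return [(keyword, inter_arrival)]; inter_arrival is None for the first request."""
    obs, prev_t = [], None
    for line in text.strip().splitlines():
        t_str, method, _path = line.split(maxsplit=2)
        t = float(t_str)
        obs.append((method, None if prev_t is None else t - prev_t))
        prev_t = t
    return obs


class KeywordDurationModel:
    def __init__(self, sigma_floor=0.25, smoothing=1.0):
        self.trans = defaultdict(Counter)   # trans[prev_keyword][next_keyword] = count
        self.logdur = defaultdict(list)     # per-keyword log inter-arrival samples
        self.stats = {}                     # keyword -> (mean, sigma) of log inter-arrival
        self.vocab = set()
        self.sigma_floor = sigma_floor      # assumption: avoid degenerate zero variance
        self.smoothing = smoothing          # Laplace smoothing for unseen transitions
        self.threshold = None

    def fit(self, sessions):
        for s in sessions:
            obs = parse_session(s)
            for (prev_k, _), (k, dt) in zip(obs, obs[1:]):
                self.trans[prev_k][k] += 1
                self.logdur[k].append(math.log(max(dt, 1e-3)))
                self.vocab.update((prev_k, k))
        for k, xs in self.logdur.items():
            mu = sum(xs) / len(xs)
            var = sum((x - mu) ** 2 for x in xs) / len(xs)
            self.stats[k] = (mu, max(math.sqrt(var), self.sigma_floor))
        # Alarm threshold: worst training session minus a 1.5-nat margin (assumption).
        self.threshold = min(self.score(s) for s in sessions) - 1.5
        return self

    def _log_trans(self, prev_k, k):
        row = self.trans[prev_k]
        total = sum(row.values()) + self.smoothing * (len(self.vocab) + 1)  # +1 for unseen keyword
        return math.log((row[k] + self.smoothing) / total)

    def _log_dur(self, k, dt):
        mu, sigma = self.stats.get(k, (0.0, 1.0))  # unseen keyword: unit log-normal (assumption)
        x = math.log(max(dt, 1e-3))
        return -0.5 * math.log(2 * math.pi * sigma ** 2) - (x - mu) ** 2 / (2 * sigma ** 2)

    def score(self, session_text):
        """Mean log-likelihood per observation (higher = more normal)."""
        obs = parse_session(session_text)
        ll = 0.0
        for (prev_k, _), (k, dt) in zip(obs, obs[1:]):
            ll += self._log_trans(prev_k, k) + self._log_dur(k, dt)
        return ll / max(len(obs) - 1, 1)

    def is_anomalous(self, session_text):
        return self.score(session_text) < self.threshold


if __name__ == "__main__":
    m = KeywordDurationModel().fit(NORMAL_SESSIONS)
    for name, s in [("held-out normal", HELD_OUT_NORMAL), ("login burst", ATTACK_SESSION)]:
        print(f"{name}: score={m.score(s):.2f} threshold={m.threshold:.2f} anomalous={m.is_anomalous(s)}")
```

The burst is caught twice over: POST following POST is a transition the normal profile never saw, and a 50 ms inter-arrival sits many standard deviations below the log-normal duration fitted for POST. A real HSMM additionally lets several keywords share one hidden state with its own duration distribution; the scoring and thresholding logic stays the same.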


2021 ◽  
Vol 37 ◽  
pp. 01016
Author(s):  
B N Ramkumar ◽  
T Subbulakshmi

Transmission Control Protocol (TCP) synchronize (SYN) flooding accounts for a major part of denial of service (DoS) attacks because the TCP three-way handshake is easy to exploit. Attackers use this weakness to overflow the server's TCP connection queue and consume its resources, making it unavailable to the requests of legitimate users. A quick and precise defence mechanism is therefore needed to detect the TCP SYN flood attack. The main objective of the paper is to propose a detection and prevention mechanism for the TCP SYN flood attack using adaptive thresholding. An adaptive threshold algorithm (ATA) is used to calculate a dynamic threshold; this overcomes the limitations of static thresholding, such as a high false positive ratio, and alerts users when the threshold calculated by the adaptive thresholding algorithm is violated. The results show that the suggested mechanism is very effective in the detection and prevention of the TCP SYN flood attack.
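The abstract does not state the authors' threshold update rule, so the following added example (not the paper's code) uses one common formulation as an assumption: an exponentially weighted moving average of the recent SYN rate, an alarm when the current count exceeds (1 + alpha) times that average for k consecutive intervals, and no baseline update while an interval is in violation, so a flood cannot pull its own threshold up. The SYN count series, including a flood and a legitimate traffic ramp, is constructed to show why a static threshold produces false positives where the adaptive one does not.

```python
"""Adaptive-threshold detection of a TCP SYN flood from per-second SYN counts.

Added illustration, not the paper's implementation. The update rule is an
assumption: EWMA baseline mu, alarm when x_n > (1 + alpha) * mu for k
consecutive intervals, baseline frozen while in violation. The count series
is constructed, not measured traffic.
"""
import random


def build_syn_series(seed=7, length=360):
    """Constructed SYN/s counts: ~40/s baseline with Gaussian noise, a flood of
    +600 SYN/s at t=120..159, and a legitimate ramp from 40/s to 150/s at
    t=200..299 that then stays at 150/s."""
    rng = random.Random(seed)
    counts = []
    for t in range(length):
        base = 40.0
        if 200 <= t < 300:
            base += (t - 200) * 1.1
        elif t >= 300:
            base = 150.0
        x = max(0, round(base + rng.gauss(0, 4)))
        if 120 <= t < 160:
            x += 600  # the flood
        counts.append(x)
    return counts


def adaptive_threshold_alarms(counts, alpha=2.0, beta=0.98, k=3, warmup=10):
    """Indices at which the adaptive threshold raises an alarm.

    mu starts as the mean of the warm-up window. An interval violates when
    x_n > (1 + alpha) * mu; k consecutive violations raise an alarm. Only
    non-violating intervals update mu, so attack traffic never becomes the baseline.
    """
    mu = sum(counts[:warmup]) / warmup
    alarms, streak = [], 0
    for n in range(warmup, len(counts)):
        x = counts[n]
        if x > (1 + alpha) * mu:
            streak += 1
            if streak >= k:
                alarms.append(n)
        else:
            streak = 0
            mu = beta * mu + (1 - beta) * x
    return alarms


def static_threshold_alarms(counts, threshold=100):
    """Fixed-threshold comparison: fires on any interval above the threshold."""
    return [n for n, x in enumerate(counts) if x > threshold]


def false_positives(alarms, attack_start, attack_end):
    """Alarms raised outside the known attack window [attack_start, attack_end)."""
    return [n for n in alarms if not attack_start <= n < attack_end]


if __name__ == "__main__":
    series = build_syn_series()
    adaptive = adaptive_threshold_alarms(series)
    static = static_threshold_alarms(series)
    print("adaptive alarms:", adaptive[0], "..", adaptive[-1],
          "false positives:", len(false_positives(adaptive, 120, 160)))
    print("static alarms:", len(static),
          "false positives:", len(false_positives(static, 120, 160)))
```

With k = 3 the first alarm lands on the third flood second (index 122), which is the detection delay paid for consecutive-violation filtering. The static threshold of 100 SYN/s also fires throughout the legitimate ramp and the higher plateau after it; the adaptive baseline simply follows that growth.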


2019 ◽  
Vol 8 (2) ◽  
pp. 3658-3663

In this paper, prominent keypoint-based features are compared in order to analyze their reliability and efficiency for forgery detection. Four features, namely SURF, KAZE, Harris corner points and BRISK, are used individually on a set of images. The method includes four phases: image pre-processing, keypoint detection, feature vector description and feature vector matching. In feature matching, MaxRatio is chosen as the varying parameter for calculating false positives and false negatives for each feature. MaxRatio defines the ratio for rejecting ambiguous matches of feature descriptors in the images. The optimal MaxRatio value is calibrated by the trade-off between detection accuracy and false positive ratio. The changes in false negative ratio and false positive ratio are plotted in order to find the optimal threshold for detection accuracy. ROC curves are also plotted for each feature at different values of MaxRatio, and the area under each ROC curve is calculated. The experiments are performed on two benchmark datasets, CASIA version 2.0 and MICC-F600. The experimental outcomes show that KAZE features gave the best values for all the performance metrics, namely accuracy, precision, area under the ROC curve and F1-score, with a small cost in time complexity, whereas Harris corner points gave the worst results of the four. Further, in order to improve execution time, the computation of the non-linear scale space in KAZE can be simplified, and GPU programming may be used for real-time performance.
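MaxRatio is the nearest-neighbour ratio test: a query descriptor is matched to its nearest neighbour only if the distance to that neighbour, divided by the distance to the second-nearest, is at most MaxRatio. The following added example (not the paper's code, and not SURF/KAZE/BRISK output) uses constructed 2-D descriptors with known ground truth so the false negative and false positive counts at each MaxRatio can be checked exactly; the distractor at index 5 of B is placed deliberately closer to A[4] than its true copy.

```python
"""Nearest-neighbour ratio test (MaxRatio) for keypoint descriptor matching.

Added illustration. The descriptors are constructed 2-D vectors with known
ground truth, not real keypoint descriptors. A match from A to its nearest
neighbour in B is accepted only if d_nearest / d_second <= max_ratio.
"""
import math

# Constructed descriptors. TRUE_MATCH[i] is the index in B of A[i]'s true copy.
DESC_A = [(0.0, 0.0), (10.0, 0.0), (0.0, 10.0), (10.0, 10.0), (5.0, 5.0)]
DESC_B = [(0.5, 0.0), (10.0, 0.5), (0.0, 10.5), (10.5, 10.0), (5.0, 5.5),
          (5.4, 5.0)]  # index 5: distractor, closer to A[4] than A[4]'s true copy
TRUE_MATCH = [0, 1, 2, 3, 4]


def euclid(p, q):
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(p, q)))


def ratio_test_match(query, candidates, max_ratio):
    """Index of the accepted nearest neighbour, or None if the match is ambiguous."""
    dists = sorted((euclid(query, c), i) for i, c in enumerate(candidates))
    (d1, i1), (d2, _) = dists[0], dists[1]
    if d2 > 0 and d1 / d2 <= max_ratio:
        return i1
    return None  # rejected: nearest and second-nearest are too similar


def evaluate(max_ratio, desc_a=DESC_A, desc_b=DESC_B, truth=TRUE_MATCH):
    """Count matches against ground truth for one MaxRatio.

    tp: accepted and correct; fp: accepted but wrong; fn: true correspondence
    not recovered (rejected, or displaced by a wrong match).
    """
    tp = fp = fn = 0
    for query, want in zip(desc_a, truth):
        got = ratio_test_match(query, desc_b, max_ratio)
        if got is None:
            fn += 1
        elif got == want:
            tp += 1
        else:
            fp += 1
            fn += 1
    n = len(desc_a)
    return {"max_ratio": max_ratio, "tp": tp, "fp": fp, "fn": fn,
            "fp_ratio": fp / n, "fn_ratio": fn / n}


def sweep(ratios=(0.05, 0.1, 0.3, 0.5, 0.6, 0.7, 0.9, 1.0)):
    """FP/FN trade-off table over MaxRatio values, the curve the paper plots."""
    return [evaluate(r) for r in ratios]


if __name__ == "__main__":
    for row in sweep():
        print(f"MaxRatio={row['max_ratio']:.2f} tp={row['tp']} fp={row['fp']} fn={row['fn']}")
```

A very small MaxRatio rejects everything (pure false negatives); a MaxRatio near 1 accepts every nearest neighbour, including the wrong one for A[4] whose ratio is 0.8. Between the two lies the window the paper calibrates per feature type.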


Sensors ◽  
2021 ◽  
Vol 21 (14) ◽  
pp. 4805
Author(s):  
Saad Abbasi ◽  
Mahmoud Famouri ◽  
Mohammad Javad Shafiee ◽  
Alexander Wong

Human operators often diagnose industrial machinery by its anomalous sounds. Given recent advances in machine learning, automated acoustic anomaly detection can support reliable maintenance of machinery. However, deep learning-driven anomaly detection methods often require an extensive amount of computational resources, prohibiting their deployment in factories. Here we explore a machine-driven design exploration strategy to create OutlierNets, a family of highly compact deep convolutional autoencoder network architectures featuring as few as 686 parameters, model sizes as small as 2.7 KB, and as few as 2.8 million FLOPs, with a detection accuracy matching or exceeding published architectures with as many as 4 million parameters. The architectures are deployed on an Intel Core i5 as well as an ARM Cortex-A72 to assess performance on hardware that is likely to be used in industry. Experimental results on model latency show that the OutlierNet architectures can achieve as much as 30x lower latency than published networks.


Electronics ◽  
2021 ◽  
Vol 10 (3) ◽  
pp. 302
Author(s):  
Chunde Liu ◽  
Xianli Su ◽  
Chuanwen Li

There is a growing interest in safety warnings for underground mining due to the huge threat faced by those working underground. Sensor data acquisition based on the Internet of Things (IoT) is currently the main method, but anomaly detection and analysis of multi-sensor data is a challenging task: firstly, the data collected by different sensors in underground mining are heterogeneous; secondly, real-time processing is required for the data anomaly detection behind a safety warning. Currently, there are many anomaly detection methods, such as the traditional clustering methods K-means and C-means. Meanwhile, Artificial Intelligence (AI) is widely used in data analysis and prediction. However, K-means and C-means cannot directly process heterogeneous data, and AI algorithms require equipment with high computing and storage capabilities. IoT equipment in underground mining cannot perform complex calculation due to the limitation of energy consumption. Therefore, many existing methods cannot be directly used for IoT applications in underground mining. In this paper, a multi-sensor data anomaly detection method based on edge computing is proposed. Firstly, an edge computing model is designed and, according to the computing capabilities of different types of devices, anomaly detection tasks are migrated to different edge devices, which solves the problem of insufficient computing capabilities of the devices. Secondly, according to the requirements of different anomaly detection tasks, edge anomaly detection algorithms for sensor nodes and sink nodes are designed respectively. Lastly, an experimental platform is built for performance comparison, and the experimental results show that the proposed algorithm has better performance in anomaly detection accuracy, delay, and energy consumption.


2021 ◽  
Vol 13 (4) ◽  
pp. 721
Author(s):  
Zhongheng Li ◽  
Fang He ◽  
Haojie Hu ◽  
Fei Wang ◽  
Weizhong Yu

The collaborative representation-based detector (CRD), as the most representative anomaly detection method, has been widely applied in the field of hyperspectral anomaly detection (HAD). However, the sliding dual window of the original CRD introduces high computational complexity. Moreover, most HAD models only consider a single spectral or spatial feature of the hyperspectral image (HSI), which limits detection accuracy. To address these problems, in terms of both speed and accuracy, we propose a novel anomaly detection approach, named Random Collaborative Representation-based Detector with Multiple Features (RCRDMF). The method first extracts several features from the HSI, namely the spectral feature, the Gabor feature, the extended multiattribute profile (EMAP) feature, and the extended morphological profile (EMP) feature matrix, which improves the accuracy of HAD by combining multiple spectral and spatial features. The ensemble and random collaborative representation detector (ERCRD) method is then applied, which improves the anomaly detection speed. Finally, an adaptive weight approach is proposed to calculate the weight for each feature. Experimental results on six hyperspectral datasets demonstrate that the proposed approach is superior in both accuracy and speed.


2021 ◽  
Vol 11 (15) ◽  
pp. 7050
Author(s):  
Zeeshan Ahmad ◽  
Adnan Shahid Khan ◽  
Kashif Nisar ◽  
Iram Haider ◽  
Rosilah Hassan ◽  
...  

The revolutionary idea of the internet of things (IoT) architecture has gained enormous popularity over the last decade, resulting in exponential growth in IoT networks, connected devices, and the data processed therein. Since IoT devices generate and exchange sensitive data over the traditional internet, security has become a prime concern, in particular because of zero-day cyberattacks. A network-based intrusion detection system (NIDS) can provide the much-needed efficient security solution to the IoT network by protecting the network entry points through constant network traffic monitoring. Recent NIDS have a high false alarm rate (FAR) in detecting anomalies, including novel and zero-day anomalies. This paper proposes an efficient anomaly detection mechanism using mutual information (MI) together with a deep neural network (DNN) for an IoT network. A comparative analysis of different deep-learning models, such as the DNN, Convolutional Neural Network, Recurrent Neural Network and its variants Gated Recurrent Unit and Long Short-term Memory, is performed on the IoT-Botnet 2020 dataset. Experimental results show an improvement of 0.57–2.6% in the model's accuracy, while at the same time reducing the FAR by 0.23–7.98%, demonstrating the effectiveness of the DNN-based NIDS model compared to the well-known deep learning models. It was also observed that using only the 16–35 best numerical features selected using MI, instead of the 80 features of the dataset, results in almost negligible degradation in the model's performance while decreasing the overall model complexity. In addition, the overall accuracy of the DL-based models is further improved by almost 0.99–3.45% in detection accuracy when considering only the top five categorical and numerical features.
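The feature-selection step above ranks each flow feature by its mutual information with the attack label and keeps only the top-ranked ones. The following added example is not the authors' pipeline and does not use the IoT-Botnet 2020 dataset: the flow records are constructed so that the usefulness of each feature is known in advance (one strongly separating numeric feature, one weakly separating one, one categorical feature, and one that is independent of the label), which makes the ranking checkable. Numeric features are discretised with equal-width bins before MI is estimated, an assumption rather than the paper's estimator.

```python
"""Mutual-information feature ranking for a flow-based NIDS.

Added illustration, not the authors' pipeline. Flow records are constructed
with known ground truth. Numeric features are discretised into equal-width
bins before estimating MI (in nats); categorical features are used as-is.
"""
import math
import random
from collections import Counter

FEATURES = ["pkt_rate", "flow_duration", "proto", "src_port"]


def make_flows(n_per_class=300, seed=1):
    """Constructed flow records, label 0 = benign, 1 = botnet."""
    rng = random.Random(seed)
    rows = []
    for label in (0, 1):
        for _ in range(n_per_class):
            rows.append({
                "pkt_rate": rng.gauss(200, 30) if label else rng.gauss(20, 5),       # strongly separating
                "flow_duration": rng.gauss(45, 10) if label else rng.gauss(30, 10),  # weakly separating
                "proto": "tcp" if label else rng.choice(["tcp", "udp", "icmp"]),    # categorical
                "src_port": rng.uniform(1024, 65535),                               # independent of label
                "label": label,
            })
    return rows


def discretise(values, bins):
    """Equal-width binning for numeric values; categorical values pass through."""
    if isinstance(values[0], str):
        return list(values)
    lo, hi = min(values), max(values)
    width = (hi - lo) / bins or 1.0
    return [min(int((v - lo) / width), bins - 1) for v in values]


def mutual_information(xs, ys):
    """I(X;Y) = sum p(x,y) log( p(x,y) / (p(x) p(y)) ) from empirical counts."""
    n = len(xs)
    pxy, px, py = Counter(zip(xs, ys)), Counter(xs), Counter(ys)
    return sum(c / n * math.log(c * n / (px[a] * py[b])) for (a, b), c in pxy.items())


def rank_features(rows, features=FEATURES, bins=10):
    """[(feature, MI)] sorted from most to least informative about the label."""
    ys = [r["label"] for r in rows]
    scores = {f: mutual_information(discretise([r[f] for r in rows], bins), ys)
              for f in features}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


def select_top_k(rows, k, features=FEATURES, bins=10):
    """Names of the k highest-MI features, the reduced input set for the classifier."""
    return [f for f, _ in rank_features(rows, features, bins)[:k]]


if __name__ == "__main__":
    flows = make_flows()
    for name, mi in rank_features(flows):
        print(f"{name:14s} MI = {mi:.3f} nats")
    print("selected:", select_top_k(flows, 2))
```

Two practical caveats: the empirical MI of a label-independent feature is not zero but roughly (bins - 1)(classes - 1) / (2n) nats, so with few flows and many bins noise features creep up the ranking; and MI scores each feature alone, so two redundant features both rank high even though one of them adds nothing once the other is kept.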


2018 ◽  
Vol 1069 ◽  
pp. 012072
Author(s):  
Xiong Luo ◽  
Xiaoqiang Di ◽  
Xu Liu ◽  
Hui Qi ◽  
Jinqing Li ◽  
...  

2019 ◽  
pp. 121-127
Author(s):  
Victoria Erofeeva ◽  
Vasilisa Galyamina ◽  
Kseniya Gonta ◽  
Anna Leonova ◽  
Oleg Granichin ◽  
...  

In this paper we consider the problem of ultrasound tomography. Recently, increased interest in ultrasound tomography has been driven by the non-invasiveness of the method and its increased detection accuracy (as compared to radiation tomography); ultrasound tomography also does not put human health at risk. We study the possibility of detecting specific areas and determining their density using ultrasound tomography data. The process of image reconstruction from ultrasound data is computationally complex and time consuming. It contains the following parts: calculation of the time-of-flight (TOF) of a signal, detection of specific areas, and calculation of the density of the specific areas. The calculation of the arrival time of a signal is a very important part, because errors in the calculated quantities strongly influence the overall solution. We offer an ultrasound imaging reconstruction technology that can be easily parallelized. The whole process is described, from extracting the arrival times of signals from the raw data fed by the physical receivers to obtaining the desired results.

