Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security 2013
DOI: 10.1145/2517312.2517316

A close look on n-grams in intrusion detection

Abstract: Detection methods based on n-gram models have been widely studied for the identification of attacks and malicious software. These methods usually build on one of two learning schemes: anomaly detection, where a model of normality is constructed from n-grams, or classification, where a discrimination between benign and malicious n-grams is learned. Although successful in many security domains, previous work falls short of explaining why a particular scheme is used and more importantly what renders one favorable…

Cited by 55 publications
(11 citation statements)
References 46 publications
“…Through this comparison, the models used, although simple, achieved results close to 100% overall accuracy, unlike the Deep Learning models found in the state of the art. Thus, the dataset made available by [Gurdip Kaur 2020] is the one chosen to achieve the proposed objectives, expanding it with new features, inserting information from the source and destination IP addresses, dividing them into n-grams [Wressnegger et al 2013], and manipulating the original records. These changes and comparisons enable the evolution of both the dataset and the topic in focus.…”
Section: Related Work (unclassified)
“…To model network traffic in IP-based networks, past systems have successfully used n-grams (e.g., PAYL [55], PCkAD [4]). To describe data in terms of n-grams, we adopt the definition presented by Wressnegger et al [56] and summarize it below. Each data object x first needs to be represented as a string of symbols from an alphabet, A, where A is often defined as bytes or tokens.…”
Section: Network Traffic Modeling and Analysis (mentioning)
confidence: 99%
“…Therefore, this finding was in line with those of [30,31,33]. However, if there is a lot of attack syntax, this could decrease the performance of the detection. Moreover, Wressnegger et al [34] set up a series of experiments by utilizing high-order n-grams of bytes with a combination of learning schemes. Their methods perform well in the detection of web attacks with a successive identification of 81.5% attacks and 0.01% false alarms.…”
Section: Related Work (mentioning)
confidence: 99%