A Practical Application of a Dataset Analysis in an Intrusion Detection System

Fernández, Daniel Méndez; Vigoya, Laura; Cacheda, Fidel; Nóvoa, Francisco J.; López-Vizcaíno, Manuel; Carneiro, Victor

doi:10.1109/nca.2018.8548316

Cited by 5 publications

(5 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There is some research on Early Warning Systems (EWS), especially to avoid malware propagation, that explore different alternatives such as bayesian inference [16], Kalman filter [17] or sensors [18], but the evaluation is mainly focused on the identification of potential attacks in a timeline, without presenting a proper time-aware performance metric. More closely related to this work, [19] explores different methods for the early detection of cyber attacks using ERDE as the main performance metrics, while on [20] the authors focus on Operating System scan attacks and include F 1 − latency as time-aware evaluation metric.…”

Section: Related Workmentioning

confidence: 99%

Measuring Early Detection of Anomalies

et al. 2022

View full text Add to dashboard Cite

Early detection is a matter of growing importance in multiple domains as network security, health conditions over social network services or weather forecasts related disasters. It is not enough to make a good decision but it also needs to be made on time. In this paper, we define a method to evaluate detection of anomalies in time-aware systems. To do so, we present the early detection problem from a generic perspective, examine the evaluation metrics available and propose a new metric, named T aP (T ime aware P recision). A set of experiments using three different datasets from different fields are performed in order to compare the behaviour of the different metrics. Two different approaches were followed, first a batch evaluation is performed, followed by a streaming evaluation which allows to present a more realistic behaviour of the systems. For both steps, we propose two sets of experiments. The first one using baseline models, followed by the evaluation of a set of Machine Learning algorithms results. The presented metric allows the amount of items needed to take a decision to be taken into account, not depending on the specific dataset but on the nature of the problem to solve.

show abstract

Section: Related Workmentioning

confidence: 99%

Measuring Early Detection of Anomalies

et al. 2022

View full text Add to dashboard Cite

show abstract

“…On the other hand, some works present the feature extraction for applications in machine learning [18,30,32]. The N-baIoT detects botnet attacks extracting behavior snapshots of the network, and using deep autoencoders [33].…”

Section: Dataset Feature Analysismentioning

confidence: 99%

“…DAD allows the evaluation of anomaly detection algorithms. A set of features was selected among the most used features in this kind of domain [30,32,45]. These features can be used for the application of different machine learning techniques.…”

Section: Monday Tuesdaymentioning

confidence: 99%

Annotated Dataset for Anomaly Detection in a Data Center with IoT Sensors

Vigoya¹,

Fernández²,

Carneiro³

et al. 2020

Sensors

Self Cite

View full text Add to dashboard Cite

The relative simplicity of IoT networks extends service vulnerabilities and possibilities to different network failures exhibiting system weaknesses. Therefore, having a dataset with a sufficient number of samples, labeled and with a systematic analysis, is essential in order to understand how these networks behave and detect traffic anomalies. This work presents DAD: a complete and labeled IoT dataset containing a reproduction of certain real-world behaviors as seen from the network. To approximate the dataset to a real environment, the data were obtained from a physical data center, with temperature sensors based on NFC smart passive sensor technology. Having carried out different approaches, performing mathematical modeling using time series was finally chosen. The virtual infrastructure necessary for the creation of the dataset is formed by five virtual machines, a MQTT broker and four client nodes, each of them with four sensors of the refrigeration units connected to the internal IoT network. DAD presents a seven day network activity with three types of anomalies: duplication, interception and modification on the MQTT message, spread over 5 days. Finally, a feature description is performed, so it can be used for the application of the various techniques of prediction or automatic classification.

show abstract

“…MQTT protocol is an application layer protocol, so it is on top of TCP/IP heap. Therefore, both the client and the broker need to have a TCP/IP stack and the analysis must be done taking this into account [6].…”

Section: Dataset Analysismentioning

confidence: 99%

“…[7]. The results can be evaluated using different metrics: the traditional precision, recall and F1, and Early Risk Detection Error (ERDE) [6].…”

Section: Identification Of Machine Learning Algorithms and Optimizatimentioning

confidence: 99%

Anomaly Detection in IoT: Methods, Techniques and Tools

Vigoya

López-Vizcaíno

Iglesias

et al. 2019

The 2nd XoveTIC Conference (XoveTIC 2019)

View full text Add to dashboard Cite

Nowadays, the Internet of things (IoT) network, as system of interrelated computing devices with the ability to transfer data over a network, is present in many scenarios of everyday life. Understanding how traffic behaves can be done more easily if the real environment is replicated to a virtualized environment. In this paper, we propose a methodology to develop a systematic approach to dataset analysis for detecting traffic anomalies in an IoT network. The reader will become familiar with the specific techniques and tools that are used. The methodology will have five stages: definition of the scenario, injection of anomalous packages, dataset analysis, implementation of classification algorithms for anomaly detection and conclusions.

show abstract

A Practical Application of a Dataset Analysis in an Intrusion Detection System

Cited by 5 publications

References 15 publications

Measuring Early Detection of Anomalies

Measuring Early Detection of Anomalies

Annotated Dataset for Anomaly Detection in a Data Center with IoT Sensors

Anomaly Detection in IoT: Methods, Techniques and Tools

Contact Info

Product

Resources

About