A Survey on Anomaly Based Host Intrusion Detection System

Jose, Shijoe; Malathi, D.; Reddy, B. Ramachandra; Jayaseeli, Dorathi

doi:10.1088/1742-6596/1000/1/012049

Cited by 81 publications

(44 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Host-based [63]: A Host-based Intrusion Detection System (HIDS) operates by exploiting several hosts ( Figure 2) with the aim to capture the network activity. Each new network event is compared to the information stored in a database (signatures), and, when an intrusion is detected, the system responds with a series of countermeasures.…”

Section: Operative Placementmentioning

confidence: 99%

A Local Feature Engineering Strategy to Improve Network Anomaly Detection

et al. 2020

View full text Add to dashboard Cite

The dramatic increase in devices and services that has characterized modern societies in recent decades, boosted by the exponential growth of ever faster network connections and the predominant use of wireless connection technologies, has materialized a very crucial challenge in terms of security. The anomaly-based intrusion detection systems, which for a long time have represented some of the most efficient solutions to detect intrusion attempts on a network, have to face this new and more complicated scenario. Well-known problems, such as the difficulty of distinguishing legitimate activities from illegitimate ones due to their similar characteristics and their high degree of heterogeneity, today have become even more complex, considering the increase in the network activity. After providing an extensive overview of the scenario under consideration, this work proposes a Local Feature Engineering (LFE) strategy aimed to face such problems through the adoption of a data preprocessing strategy that reduces the number of possible network event patterns, increasing at the same time their characterization. Unlike the canonical feature engineering approaches, which take into account the entire dataset, it operates locally in the feature space of each single event. The experiments conducted on real-world data showed that this strategy, which is based on the introduction of new features and the discretization of their values, improves the performance of the canonical state-of-the-art solutions.

show abstract

Section: Operative Placementmentioning

confidence: 99%

A Local Feature Engineering Strategy to Improve Network Anomaly Detection

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Furthermore, machine learning algorithms deep learning algorithms are applied in intrusion detection systems as in the research of [18] presented that machine learning based system can be used to detect intrusion for software defined networks. [19] Presented an extensive survey on anomaly based intrusion detection system. [20] Applied…”

Section: Machine Learning Algorithms Applied To System Securitymentioning

confidence: 99%

Machine Learning Algorithms Applied to System Security: A Systematic Review

Goni¹,

Bello²,

Maigari³

2020

AJAST

View full text Add to dashboard Cite

“…These steps are executed permanently by the intrusion detection system in a cyclic way. It exists three main types of intrusion detection systems [13][14][15]…”

Section: Intrusion Detection Systemsmentioning

confidence: 99%

A Framework for Intrusion Detection Based on Workflow Mining

Nicolas¹,

Bitjoka²,

Emvudu³

2019

AJCST

View full text Add to dashboard Cite

Information systems handle large amount of data within enterprises by offering the possibility to collect, treat, keep and make information available. To achieve this, it is crucial to secure data from intrusion that disturb confidentiality, availability, and integrity of data. This integrity must follow the strategic alignment of the considered enterprise. Unfortunately, the goal of attackers is to affect the resources present in the system. Research in intrusion detection field is still in search of proposals to relevant problems. Many solutions exist supporting machine learning and datamining models. Nevertheless, these solutions based on signature and behavior approaches of intrusion detection, are more interested in data and have not a global view of processes. The aim of this paper is to use workflow mining for a Host-based intrusion detection by monitoring workflow event logs related to resources. With workflow mining, process execution are stored in event logs and the detection of intrusion can be realized by their analysis on the basis of a well-defined security policy. To achieve our goal, step by step, we start by the specification of different concepts manipulated. Afterwards, we provide a model of security policy and a model of intrusion detection that enables us to have a low rate of false alerts. Finally, we implement the solution via a prototype to observe how it can work.

show abstract

A Survey on Anomaly Based Host Intrusion Detection System

Cited by 81 publications

References 14 publications

A Local Feature Engineering Strategy to Improve Network Anomaly Detection

A Local Feature Engineering Strategy to Improve Network Anomaly Detection

Machine Learning Algorithms Applied to System Security: A Systematic Review

A Framework for Intrusion Detection Based on Workflow Mining

Contact Info

Product

Resources

About