An ensemble-based framework for user behaviour anomaly detection and classification for cybersecurity

Folino, Gianluigi; Godano, Carla Otranto; Pisani, Francesco Sergio

doi:10.1007/s11227-023-05049-x

Cited by 10 publications

(3 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To compensate for missing values, statistical methods utilize statistical values; for instance, the mean filling approach [10] and fuzzy-rough nearest neighbours [11] are two examples. Nevertheless, statistical approaches are inadequate for imputation of missing data in case of IoT, as these methods may not utilize temporal insight.…”

Section: Related Workmentioning

confidence: 99%

Spatio-Temporal Bi-LSTM Based Variational Auto-Encoder for Multivariate IoT Data Imputation

2024

IJIES

View full text Add to dashboard Cite

In the relam of the Internet of Things (IoT), prevalence of missing data due to continuous data collection by smart devices necessitates the essential preliminary step of data imputation before engaging in information mining activities. IoT data exhibit robust interconnections in both spatial and temporal dimensions, surpassing the limitations of Euclidean space. Yet, prevailing machine learning and deep learning approaches often focus solely on temporal attributes or capture spatial features exclusively within a Euclidean framework. To address these challenges, this paper introduces a novel network named ST-Bi-LSTM-VAE (Spatio-Temporal Bidirectional Long Short-Term Memory based Variational Auto-Encoder). The architecture of ST-Bi-LSTM-VAE is primarily grounded in the Variational Auto-Encoder (VAE) framework. This innovative approach incorporates two distinct types of VAEs. The first type is dedicated to computing the adjacent matrix of the device network, a crucial input for the Graph Convolutional Network (GCN) essential in capturing intricate spatial relationships among devices. The second type of VAE is specifically tailored for data imputation, leveraging both global spatial and temporal dependencies. Empirical experiments conducted on diverse publicly available datasets substantiate the efficacy of ST-Bi-LSTM-VAE. The results obtained consistently demonstrate that proposed method surpasses baseline techniques in maintaining pattern, structure, and trend across datasets even at 50% missing gap for imputation task with 4.91% performance improvement in case of Intel Berkley Research Laboratory (IBRL) dataset and 3.5% on PRSA dataset.

show abstract

Section: Related Workmentioning

confidence: 99%

Spatio-Temporal Bi-LSTM Based Variational Auto-Encoder for Multivariate IoT Data Imputation

2024

IJIES

View full text Add to dashboard Cite

show abstract

“…To this end, the elastic stack (ELK) architecture established by Folino et al [20] is proposed to process and store log data in real time from various users and applications. Using the benefits of system produces an ensemble of models to categorize user behavior and identify abnormalities in real time.…”

Section: Related Workmentioning

confidence: 99%

Enhanced SVM Model with Orthogonal Learning Chaotic Grey Wolf Optimization for Cybersecurity Intrusion Detection in Agriculture 4.0

Shaik,

Thumboor,

Veluru

et al. 2023

IJSSE

View full text Add to dashboard Cite

Smart agriculture, also known as Agriculture 4.0, integrates cutting-edge technology with conventional farming practices through the agricultural Internet of Things (IoT). Despite its numerous advantages, Agriculture 4.0 introduces additional cybersecurity risks due to the widespread deployment of IoT-based devices. One significant threat is Distributed Denial of Service (DDoS) attacks, which can compromise the availability and integrity of agricultural systems. This paper proposes an Enhanced Multiclass Support Vector Machine (EMSVM) model for detecting DDoS attacks in Agriculture 4.0. To improve classification accuracy, the EMSVM model incorporates a novel optimization method called Orthogonal Learning Chaotic Grey Wolf Optimization (OLCGWO) for parameter selection. The performance of the proposed methodology is evaluated using two realworld traffic datasets, CIC-DDoS2019 and TON_IoT, which contain various DDoS attack scenarios. The results demonstrate the effectiveness of the EMSVM model in both binary and multiclass classification contexts.

show abstract

“…This framework is very close to the method proposed in this paper for developing a framework using Elasticsearch ML APIs. Folino et al [13] have developed a framework using ELK stack to monitor user behaviour for and detect anomalies in real time using the Kubernetes platform. Hariharan et al [14] came up with CAMLPAD where they have used anomaly detection technique using scoring method like Elasticsearch X-Pack.…”

Section: Introductionmentioning

confidence: 99%

Anomaly detection for software defined datacenter networks using X-Pack

Mahabaleshwar

Shobha

Krishnamurthy³

2023

IJEECS

View full text Add to dashboard Cite

The global data center market is growing as more and more enterprises are increasingly adopting cloud computing services and applications. Data centers are evolving towards highly virtualized architectures where transformation to software defined network (SDN) based solutions provides benefits in terms of network programmability, automation, and flow visibility. With the benefits, the need for securing network becomes essential as many critical applications are hosted on to such networking platforms. Anomaly detection is a continuous process of monitoring the traffic pattern and alerting the user about the anomalies if detected. For such real time analysis NoSQL and relational databases are less efficient. This paper proposes a framework for anomaly detection and alerting system using Elasticsearch database for SDN. Traffic patterns generated from SDN devices are continuously monitored and predefined actions are taken immediately if an anomaly is detected. The proof of concept is implemented in NOKIAs Nuage Networks Laboratory and the results showed a real time anomaly detection and took relevant actions within minimum time.

show abstract

An ensemble-based framework for user behaviour anomaly detection and classification for cybersecurity

Cited by 10 publications

References 19 publications

Spatio-Temporal Bi-LSTM Based Variational Auto-Encoder for Multivariate IoT Data Imputation

Spatio-Temporal Bi-LSTM Based Variational Auto-Encoder for Multivariate IoT Data Imputation

Enhanced SVM Model with Orthogonal Learning Chaotic Grey Wolf Optimization for Cybersecurity Intrusion Detection in Agriculture 4.0

Anomaly detection for software defined datacenter networks using X-Pack

Contact Info

Product

Resources

About