Anomaly Based Unknown Intrusion Detection in Endpoint Environments

Kim, Sujeong; Hwang, Chanwoong; Lee, Tae-Jin

doi:10.3390/electronics9061022

Cited by 26 publications

(13 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We found that the trend goes to AE techniques. The studies [18,[41][42][43][44]48] used AE techniques because of the ability of AE to take advantage of the linear and nonlinear dimensionality reduction to detect the anomalies. The AE training phase involves the reconstruction of clean input data from a partially destroyed one as well as the ability of AE to deal with heterogeneity, unstructured and high dimensional data that generated from IoT device.…”

Section: Discussionmentioning

confidence: 99%

“…In [39], by using a test-bed and CTU-13 datasets, the range of attacks included Infiltration attack, Propagation attack, worm infiltration, and worm propagation attack. In the study conducted by [43], the authors used the self-collection dataset and focused on interval attacks. In the studies [17,32,37,46,49], there was no report explaining what kinds of attacks they used.…”

Section: Analysis Of Type Of Attacks Detectedmentioning

confidence: 99%

See 1 more Smart Citation

Anomaly-Based Intrusion Detection Systems in IoT Using Deep Learning: A Systematic Literature Review

et al. 2021

View full text Add to dashboard Cite

The Internet of Things (IoT) concept has emerged to improve people’s lives by providing a wide range of smart and connected devices and applications in several domains, such as green IoT-based agriculture, smart farming, smart homes, smart transportation, smart health, smart grid, smart cities, and smart environment. However, IoT devices are at risk of cyber attacks. The use of deep learning techniques has been adequately adopted by researchers as a solution in securing the IoT environment. Deep learning has also successfully been implemented in various fields, proving its superiority in tackling intrusion detection attacks. Due to the limitation of signature-based detection for unknown attacks, the anomaly-based Intrusion Detection System (IDS) gains advantages to detect zero-day attacks. In this paper, a systematic literature review (SLR) is presented to analyze the existing published literature regarding anomaly-based intrusion detection, using deep learning techniques in securing IoT environments. Data from the published studies were retrieved from five databases (IEEE Xplore, Scopus, Web of Science, Science Direct, and MDPI). Out of 2116 identified records, 26 relevant studies were selected to answer the research questions. This review has explored seven deep learning techniques practiced in IoT security, and the results showed their effectiveness in dealing with security challenges in the IoT ecosystem. It is also found that supervised deep learning techniques offer better performance, compared to unsupervised and semi-supervised learning. This analysis provides an insight into how the use of data types and learning methods will affect the performance of deep learning techniques for further contribution to enhancing a novel model for anomaly intrusion detection and prediction.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Analysis Of Type Of Attacks Detectedmentioning

confidence: 99%

Anomaly-Based Intrusion Detection Systems in IoT Using Deep Learning: A Systematic Literature Review

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Haselmann et al [19] proposed image-based anomaly detection using Convolutional Neural Networks (CNN) for surface inspection used in the manufacturing industry. Kim et al [20] used an unsupervised AutoEncoder (AE) to detect unknown attacks in a single event. Some studies detect abnormal behavior of malicious code using principal component analysis, similar to AE [21].…”

Section: A Anomaly Detection Researchmentioning

confidence: 99%

“…Image, Sensor, Network Event, Other (data) CNN, AE, its variants [19], [20], [21], [22] Sequential Video, Speech, Protein Sequence, Time Series, Text (Natural language) CNN, RNN, LSTM, GRU [23], [24], [25], [26], [27] B. XAI RESEARCH XAI evolved to explain the black box model. Although there are a variety of XAI technologies, they are usually designed for images and rely on visual interpretability to evaluate and provide explanations.…”

Section: Non-sequentialmentioning

confidence: 99%

E-SFD: Explainable Sensor Fault Detection in the ICS Anomaly Detection System

Hwang

Lee

2021

IEEE Access

Self Cite

View full text Add to dashboard Cite

Industrial Control Systems (ICS) are evolving into smart environments with increased interconnectivity by being connected to the Internet. These changes increase the likelihood of security vulnerabilities and accidents. As the risk of cyberattacks on ICS has increased, various anomaly detection studies are being conducted to detect abnormal situations in industrial processes. However, anomaly detection in ICS suffers from numerous false alarms. When false alarms occur, multiple sensors need to be checked, which is impractical. In this study, when an anomaly is detected, sensors displaying abnormal behavior are visually presented through XAI-based analysis to support quick practical actions and operations. Anomaly Detection has designed and applied better anomaly detection technology than the first prize at HAICon2020, an ICS security threat detection AI contest hosted by the National Security Research Institute last year, and explains the anomalies detected in its model. To the best of our knowledge, our work is at the forefront of explainable anomaly detection research in ICS. Therefore, it is expected to increase the utilization of anomaly detection technology in ICS.

show abstract

“…The highest accuracy was obtained when 8 convolutional layers were arranged, but the CNN composed of 4 layers was also not much different from the CNN with 8 convolutional layers in accuracy, and progressed much faster in speed. Kim et al [17] detects anomalies in the event log using LOF and AutoEncoder among the anomaly detection techniques and suggests event rules generated through an attack profile. LOF was calculated based on the k-Nearest Neighbor (kNN) algorithm.…”

Section: Related Workmentioning

confidence: 99%

Semi-supervised based Unknown Attack Detection in EDR Environment

2020

KSII TIIS

View full text Add to dashboard Cite

Anomaly Based Unknown Intrusion Detection in Endpoint Environments

Cited by 26 publications

References 23 publications

Anomaly-Based Intrusion Detection Systems in IoT Using Deep Learning: A Systematic Literature Review

Anomaly-Based Intrusion Detection Systems in IoT Using Deep Learning: A Systematic Literature Review

E-SFD: Explainable Sensor Fault Detection in the ICS Anomaly Detection System

Semi-supervised based Unknown Attack Detection in EDR Environment

Contact Info

Product

Resources

About