Artificially Augmented Training for Anomaly-based Network Intrusion Detection Systems

Karuppanchetty, Chockalingam; Edmonds, William; Kim, Sunil; Nwanze, Nnamdi

doi:10.5815/ijcnis.2015.10.01

Cited by 3 publications

(5 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…1): in ITS happens a certain event of information security E 1 ... E n (according to [2] in meaning of event of information security, we understand identified system behavior , service or network, that points to a possible breach of information security, policy, control facilities failure or previously unknown situation that may be relevant to information security) caused by cyberattacks CA 1 ... CA n [11] as well as unintentional actions that coming on the sensors S 1 ... S n (sensors of network-centric monitoring system of cyberincidents can be sources of information such as intrusion detection/prevention systems IDS / IPS [23,24] Network-centric monitoring is determined by that for each management system of cyberincidents forms a network of agents (sensors). The overall management system of cyberincidents region or state can be displayed as a complex network of interconnected centers (teams) campus type, each of which is able to: have a clearly defined goal of the functioning; act in accordance with its rules and algorithms; manage a database containing the requested information; use the results of monitoring, responding to them by their actions; take their own initiative; send and receive messages from other systems and join with them in interaction.…”

Section: The Concept Of Network-centric Monitoring Of Cyberincidmentioning

confidence: 99%

“…ITS is an environment in which can occur cyberincidents, typical structure of ITS according to [11,21,22] given in Table 8. (23). Cyberincident that having a greater impact, gets a lower score (1, 2), less influentialbigger (3,4) [23,24].…”

Section: Botnet Bot Networkmentioning

confidence: 99%

“…(23). Cyberincident that having a greater impact, gets a lower score (1, 2), less influentialbigger (3,4) [23,24]. …”

Section: Botnet Bot Networkmentioning

confidence: 99%

See 2 more Smart Citations

Method for Cyberincidents Network-Centric Monitoring in Critical Information Infrastructure

Hu¹,

Gnatyuk²,

Sydorenko³

et al. 2017

IJCNIS

View full text Add to dashboard Cite

show abstract

Section: The Concept Of Network-centric Monitoring Of Cyberincidmentioning

confidence: 99%

Section: Botnet Bot Networkmentioning

confidence: 99%

See 1 more Smart Citation

Method for Cyberincidents Network-Centric Monitoring in Critical Information Infrastructure

Hu¹,

Gnatyuk²,

Sydorenko³

et al. 2017

IJCNIS

View full text Add to dashboard Cite

show abstract

“…Currently there are no publicly available datasets based on real network traffic due to privacy concerns from their owners. There is no standard method for collecting real traffic for training and testing a MLFFNN IDS [7]. Reference [8] found that a dataset composed of simulated and real traffic is needed.…”

Section: Introductionmentioning

confidence: 99%

Incorporating a Honeyfarm With MLFFNN Ids for Improving Intrusion Detection

Ray¹

2023

ijarcs

View full text Add to dashboard Cite

Today's networks must deal with dynamically changing threats each day. Use of static datasets to train and prepare multi-layer feed forward neural network intrusion detection systems (MLFFNN IDS) doesn't address these new threats. The use of real traffic data to train neural network IDSs has been out of reach in organizations due to privacy and concerns. Now the use of a honeyfarm system can provide real-time data to a MLFFNN IDS so that it can adjust to new threats as they begin. This system also removes the privacy and concerns since information about the network is false and acts as a decoy to lure attackers away from the real organizational network. This paper introduces ahoneyfarm architecture one can use with a MLFFNN IDS to improve intrusion detection capability.

show abstract

“…The number of events, arriving from this component is significantly exceeds the similar parameter in comparison to the other components. At the same time, the mechanisms for the sustainable supporting of the DCS functioning should quickly respond to these situations [7][8][9][10][11][15][16][17]. Thus, there is the need to develop and use the specific networking mechanisms that will work correctly with the differential intensities of the arriving events related to the DCS components functions [18].…”

Section: Introductionmentioning

confidence: 99%

Stochastic RA-Network for the Nodes Functioning Analysis in the Distributed Computer Systems

Mukhin²,

Loutskii³

et al. 2016

IJCNIS

View full text Add to dashboard Cite

In the paper is described the simulating process for the situations analysis and the decisions making about the functioning of the Distributed Computer Systems (DCS) nodes on the basis of special stochastic RA-networks mechanism. There are presented the main problems in the estimations of the DCS nodes functioning parameters and there are shown that the suggested RA-networks mechanism allows simulate the data flow with the different, including the significantly different intensities, what is particularly important in for the situations analysis and the decisions making in the DCS nodes parameters dynamics control.

show abstract

Artificially Augmented Training for Anomaly-based Network Intrusion Detection Systems

Cited by 3 publications

References 15 publications

Method for Cyberincidents Network-Centric Monitoring in Critical Information Infrastructure

Method for Cyberincidents Network-Centric Monitoring in Critical Information Infrastructure

Incorporating a Honeyfarm With MLFFNN Ids for Improving Intrusion Detection

Stochastic RA-Network for the Nodes Functioning Analysis in the Distributed Computer Systems

Contact Info

Product

Resources

About