Combining Machine Learning and Behavior Analysis Techniques for Network Security

“…However, the high degree of heterogeneity [3] that characterizes this environment makes this operation very difficult, due to both the continuous efforts of the attackers to violate the systems with more and more sophisticated techniques (a case in point is the difficulty of detecting the zero-day attacks [4]), and the problem that many attacks are often characterized by a behavior very similar to that of a legitimate network activity [5], making it difficult to detect them. To face these problems, researchers are constantly looking for more and more efficient Intrusion Detection Systems (IDSs) [6], which are designed using various techniques such as, just to name a few, those based on Machine Learning and Deep Learning [7,8], Artificial Intelligence [9], Artificial Neural Networks [10][11][12][13], Fuzzy Logic [14], often combining more than one to define hybrid solutions [15]. Starting from the consideration that most of the approaches and strategies in the literature related to the IDS domain exploit the entire training set to define the classification model [5,[16][17][18], we have trivially observed that a training dataset refers to single events in terms of data rows and to the different features that characterize each event in terms of data columns.…”

Leveraging the Training Data Partitioning to Improve Events Characterization in Intrusion Detection Systems

“…However, the high degree of heterogeneity [3] that characterizes this environment makes this operation very difficult, due to both the continuous efforts of the attackers to violate the systems with more and more sophisticated techniques (a case in point is the difficulty of detecting the zero-day attacks [4]), and the problem that many attacks are often characterized by a behavior very similar to that of a legitimate network activity [5], making it difficult to detect them. To face these problems, researchers are constantly looking for more and more efficient Intrusion Detection Systems (IDSs) [6], which are designed using various techniques such as, just to name a few, those based on Machine Learning and Deep Learning [7,8], Artificial Intelligence [9], Artificial Neural Networks [10][11][12][13], Fuzzy Logic [14], often combining more than one to define hybrid solutions [15]. Starting from the consideration that most of the approaches and strategies in the literature related to the IDS domain exploit the entire training set to define the classification model [5,[16][17][18], we have trivially observed that a training dataset refers to single events in terms of data rows and to the different features that characterize each event in terms of data columns.…”

Leveraging the Training Data Partitioning to Improve Events Characterization in Intrusion Detection Systems

Network intrusion detection based on Contractive Sparse Stacked Denoising Autoencoder