Early Intrusion Detection for OS Scan Attacks

López-Vizcaíno, Manuel; Nóvoa, Francisco J.; Fernández, Daniel Méndez; Carneiro, Victor; Cacheda, Fidel

doi:10.1109/nca.2019.8935067

Cited by 12 publications

(10 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A study using an approach based on Dempster–Shafer evidence theory produced a solid groundwork for detecting port scan traffic [ 51 ]. Another study proposed a new evaluation metric for IDS, which was reported to take less time to identify port scan data than previous metrics [ 52 ]. Neither of these studies included IoT devices, and there is currently a lack of research into OS scans in regards to IoT devices.…”

Section: Background and Related Workmentioning

confidence: 99%

An Experimental Analysis of Attack Classification Using Machine Learning in IoT Networks

Churcher

Ullah

Ahmad

et al. 2021

Sensors

161

View full text Add to dashboard Cite

In recent years, there has been a massive increase in the amount of Internet of Things (IoT) devices as well as the data generated by such devices. The participating devices in IoT networks can be problematic due to their resource-constrained nature, and integrating security on these devices is often overlooked. This has resulted in attackers having an increased incentive to target IoT devices. As the number of attacks possible on a network increases, it becomes more difficult for traditional intrusion detection systems (IDS) to cope with these attacks efficiently. In this paper, we highlight several machine learning (ML) methods such as k-nearest neighbour (KNN), support vector machine (SVM), decision tree (DT), naive Bayes (NB), random forest (RF), artificial neural network (ANN), and logistic regression (LR) that can be used in IDS. In this work, ML algorithms are compared for both binary and multi-class classification on Bot-IoT dataset. Based on several parameters such as accuracy, precision, recall, F1 score, and log loss, we experimentally compared the aforementioned ML algorithms. In the case of HTTP distributed denial-of-service (DDoS) attack, the accuracy of RF is 99%. Furthermore, other simulation results-based precision, recall, F1 score, and log loss metric reveal that RF outperforms on all types of attacks in binary classification. However, in multi-class classification, KNN outperforms other ML algorithms with an accuracy of 99%, which is 4% higher than RF.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

An Experimental Analysis of Attack Classification Using Machine Learning in IoT Networks

Churcher

Ullah

Ahmad

et al. 2021

Sensors

161

View full text Add to dashboard Cite

show abstract

“…In Kitsune, it has 1752987 instances of training sample and 751280 samples of testing samples. The OS scan works by using the TCP/IP stack fingerprinting method [39]. Service analytics works by using the N map-service-probes database to identify services performed on a targeted host.…”

Section: Simulation Resultsmentioning

confidence: 99%

Machine Learning Approach for Improvement in Kitsune NID

Alabdulatif¹,

Rizvi²

2022

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

“…There is some research on Early Warning Systems (EWS), especially to avoid malware propagation, that explore different alternatives such as bayesian inference [16], Kalman filter [17] or sensors [18], but the evaluation is mainly focused on the identification of potential attacks in a timeline, without presenting a proper time-aware performance metric. More closely related to this work, [19] explores different methods for the early detection of cyber attacks using ERDE as the main performance metrics, while on [20] the authors focus on Operating System scan attacks and include F 1 − latency as time-aware evaluation metric.…”

Section: Related Workmentioning

confidence: 99%

“…Also, some variants of the ERDE metric can be found in the literature. For example, [23] defines the ERDE % o that is based on the percentage of items processed, instead of the number of items and in [20], a normalized version of the ERDE metric is defined using mix-max normalization.…”

Section: A Standard Metricsmentioning

confidence: 99%

Measuring Early Detection of Anomalies

et al. 2022

View full text Add to dashboard Cite

Early detection is a matter of growing importance in multiple domains as network security, health conditions over social network services or weather forecasts related disasters. It is not enough to make a good decision but it also needs to be made on time. In this paper, we define a method to evaluate detection of anomalies in time-aware systems. To do so, we present the early detection problem from a generic perspective, examine the evaluation metrics available and propose a new metric, named T aP (T ime aware P recision). A set of experiments using three different datasets from different fields are performed in order to compare the behaviour of the different metrics. Two different approaches were followed, first a batch evaluation is performed, followed by a streaming evaluation which allows to present a more realistic behaviour of the systems. For both steps, we propose two sets of experiments. The first one using baseline models, followed by the evaluation of a set of Machine Learning algorithms results. The presented metric allows the amount of items needed to take a decision to be taken into account, not depending on the specific dataset but on the nature of the problem to solve.

show abstract

Early Intrusion Detection for OS Scan Attacks

Cited by 12 publications

References 14 publications

An Experimental Analysis of Attack Classification Using Machine Learning in IoT Networks

An Experimental Analysis of Attack Classification Using Machine Learning in IoT Networks

Machine Learning Approach for Improvement in Kitsune NID

Measuring Early Detection of Anomalies

Contact Info

Product

Resources

About