2015 IEEE 27th International Conference on Tools With Artificial Intelligence (ICTAI) 2015
DOI: 10.1109/ictai.2015.155

Exploiting N-Gram Location for Intrusion Detection

Abstract: Signature-based and protocol-based intrusion detection systems (IDS) are employed as means to reveal content-based network attacks. Such systems have proven to be effective in identifying known intrusion attempts and exploits but they fail to recognize new types of attacks or carefully crafted variants of well known ones. This paper presents the design and the development of an anomaly-based IDS technique which is able to detect content-based attacks carried out over application level protocols, like HTTP and …

Cited by 13 publications (8 citation statements)
References 8 publications
“…Specifically, we considered three granularities: device type, device type and make, and specific device instance. We also conducted experiments to examine various special cases where verification is less successful. For example, VIA's verification performs worse in cases where nearly identical devices (i.e., devices of the same type, make, and model) exist in both the target and other classes.…”
Section: Evaluation and Results
Citation type: mentioning
confidence: 99%
“…Wireless traffic analysis systems and Intrusion Detection Systems have a long and rich history [2,4,6,11,12,16,23,25,26,29,33,35,39,48,55,58]. Generally speaking, wireless traffic analysis systems and Intrusion Detection Systems (IDS) continually monitor computers or networks, collecting data (e.g., system calls, network communication), extracting quantifiable features from this data, and applying a variety of techniques to analyze the data in search of signs of anomalies or compromise.…”
Section: Intrusion Detection Systems (IDS)
Citation type: mentioning
confidence: 99%
“…The results obtained are 100% True Positive Rate (TPR) and 0.087% False Positive rate (FPR). Angiulli, Argento and Furfaro [82] identify anomalous packets in the DARPA dataset, by dividing the payload into segments of equal length, using n-grams to learn the byte sequences that usually appear in each chunk. Using a semi-supervised approach, a model is built that associates the protocol-packet length pair.…”
Section: Discussion
Citation type: mentioning
confidence: 99%