Intrusion detection in enterprise systems by combining and clustering diverse monitor data

Bohara, Atul; Thakore, Uttam; Sanders, William H.

doi:10.1145/2898375.2898400

Cited by 32 publications

(17 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Unsupervised learning methods are usually used with unlabeled logs. Bohara et al [63] proposed an unsupervised learning detection method in the enterprise environment. They conducted experiments on the VAST 2011 Mini Challenge 2 dataset and extracted features from the host and network logs.…”

Section: Log Feature Extraction-based Detectionmentioning

confidence: 99%

Machine Learning and Deep Learning Methods for Intrusion Detection Systems: A Survey

2019

View full text Add to dashboard Cite

Networks play important roles in modern life, and cyber security has become a vital research area. An intrusion detection system (IDS) which is an important cyber security technique, monitors the state of software and hardware running in the network. Despite decades of development, existing IDSs still face challenges in improving the detection accuracy, reducing the false alarm rate and detecting unknown attacks. To solve the above problems, many researchers have focused on developing IDSs that capitalize on machine learning methods. Machine learning methods can automatically discover the essential differences between normal data and abnormal data with high accuracy. In addition, machine learning methods have strong generalizability, so they are also able to detect unknown attacks. Deep learning is a branch of machine learning, whose performance is remarkable and has become a research hotspot. This survey proposes a taxonomy of IDS that takes data objects as the main dimension to classify and summarize machine learning-based and deep learning-based IDS literature. We believe that this type of taxonomy framework is fit for cyber security researchers. The survey first clarifies the concept and taxonomy of IDSs. Then, the machine learning algorithms frequently used in IDSs, metrics, and benchmark datasets are introduced. Next, combined with the representative literature, we take the proposed taxonomic system as a baseline and explain how to solve key IDS issues with machine learning and deep learning techniques. Finally, challenges and future developments are discussed by reviewing recent representative studies.

show abstract

Section: Log Feature Extraction-based Detectionmentioning

confidence: 99%

Machine Learning and Deep Learning Methods for Intrusion Detection Systems: A Survey

2019

View full text Add to dashboard Cite

show abstract

“…Many researchers have tried to study machine learning used in a variety of algorithm-based intrusion detection. They may come in the form of unsupervised learning [15]- [17] clustering without target specification and supervised learning that is used for training to model in estimation before new data estimation. Semi-supervised learning [5], [13], [18]- [20] is another type involved in function estimation on labeled and unlabeled data, falling between unsupervised learning and supervised learning, and Ensemble Learning [21]- [23] which uses many classification models to vote on an estimation.…”

Section: Relate Studiesmentioning

confidence: 99%

“…Similar to LDA generalization that models specific processes when finishing without reusing, it is considered as a method suitable for modern IDS. Some studies might classify data by using distance function for clustering as well [15]- [17] that benefits detection of a newer intrusion when a large number are hidden in other intrusion datasets. It's because of using distance function without forming a model resulting in newer intrusion detection.…”

Section: Introductionmentioning

confidence: 99%

A New Incremental Decision Tree Learning for Cyber Security based on ILDA and Mahalanobis Distance

Jaiyen¹,

Sornsuwit²

2019

View full text Add to dashboard Cite

A cyber-attack detection is currently essential for computer network protection. The fundamentals of protection are to detect cyber-attack effectively with the ability to combat it in various ways and with constant data learning such as internet traffic. With these functions, each cyber-attack can be memorized and protected effectively any time. This research will present procedures for a cyber-attack detection system Incremental Decision Tree Learning (IDTL) that use the principle through Incremental Linear Discriminant Analysis (ILDA) together with Mahalanobis distance for classification of the hierarchical tree by reducing data features that enhance classification of a variety of malicious data. The proposed model can learn a new incoming datum without involving the previous learned data and discard this datum after being learned. The results of the experiments revealed that the proposed method can improve classification accuracy as compare with other methods. They showed the highest accuracy when compared to other methods. If comparing with the effectiveness of each class, it was found that the proposed method can classify both intrusion datasets and other datasets efficiently.

show abstract

“…Therefore, correlation-based feature selection (CFS), deviation method, and feature value distributions are used to identify and remove any features that do not significantly contribute to clustering process. Pearson coefficient provides fairly accurate results with bounded feature value ranges when size of the dataset is large [8]. We use Pearson correlation coefficient R to measure the linear dependencies of strongly correlated features.…”

Section: Feature Reductionmentioning

confidence: 99%

“…A number of researchers have used machine learning (ML) algorithms to detect malicious traffic [7,21]. Their proposals use data mining [12], supervised ML [4], and unsupervised ML techniques [8,28] to build network intrusion detection systems (NIDS). Bekerman et al [7] used 942 features to identify malware by analysing network traffic.…”

Section: Comparison With Existing Approachesmentioning

confidence: 99%

Real-Time IoT Device Activity Detection in Edge Networks

Hafeez

Ding

Antikainen

et al. 2018

Network and System Security

View full text Add to dashboard Cite

The growing popularity of Internet-of-Things (IoT) has created the need for network-based traffic anomaly detection systems that could identify misbehaving devices. In this work, we propose a lightweight technique, IoTguard, for identifying malicious traffic flows. IoTguard uses semi-supervised learning to distinguish between malicious and benign device behaviours using the network traffic generated by devices. In order to achieve this, we extracted 39 features from network logs and discard any features containing redundant information. After feature selection, fuzzy C-Mean (FCM) algorithm was trained to obtain clusters discriminating benign traffic from malicious traffic. We studied the feature scores in these clusters and use this information to predict the type of new traffic flows. IoTguard was evaluated using a real-world testbed with more than 30 devices. The results show that IoTguard achieves high accuracy (≥ 98%), in differentiating various types of malicious and benign traffic, with low false positive rates. Furthermore, it has low resource footprint and can operate on OpenWRT enabled access points and COTS computing boards.

show abstract

Intrusion detection in enterprise systems by combining and clustering diverse monitor data

Cited by 32 publications

References 17 publications

Machine Learning and Deep Learning Methods for Intrusion Detection Systems: A Survey

Machine Learning and Deep Learning Methods for Intrusion Detection Systems: A Survey

A New Incremental Decision Tree Learning for Cyber Security based on ILDA and Mahalanobis Distance

Real-Time IoT Device Activity Detection in Edge Networks

Contact Info

Product

Resources

About