Machine Learning Techniques for Anomaly Detection: An Overview

Abstract: Intrusion detection has gain a broad attention and become a fertile field for several researches, and still being the subject of widespread interest by researchers. The intrusion detection community still confronts difficult problems even after many years of research. Reducing the large number of false alerts during the process of detecting unknown attack patterns remains unresolved problem. However, several research results recently have shown that there are potential solutions to this problem. Anomaly detect… Show more

“…The part of features of the attacks was admitted according to [28,29]. Table 1 Average number of rules, matrices and training steps of ASDCA for detection of typical classes of cyber-attacks in MCCS Note: * -according to data [1,2,15,24,28,29]; ** -features and their information content according to data [28,29]; *** -according to data [1,2,16,24]; **** -according to data [6,8,15,19,24] To test the effectiveness of the proposed model, a series of experiments for main attacks was conducted, shown in Table 1. The example of test results for attacks on SCADA systems is shown in Fig.…”

“…The indicator of danger of each cyber threat depends on the values of a set of factors that increase or decrease the protection of MCCS from a given threat. The indicators, decreasing protection of MCCS are considered to be risk indicators [24], and those increasing it − protection indicators [4,6]. To formalize the dependency of MCCS's degree of protection on corresponding values, one can apply one of the following approaches [16,19,24]: 1) a cyber threat within a class depends on one indicator, i.e.…”

“…[22] considers the possibility of application of MAR splines in ASDCA, enabling building of exact approximation of the behavior of a standard user, or of the attacking side, according to specified parameters. A large number of works is devoted to statistical analysis of the data in ASDCA [15,23], to signature models [24] and theoretical aspects of the use of Markov chains [5,6,24] and the Petri nets [25] for the systems of cyber-attacks recognition.…”

Design of adaptive system of detection of cyber-attacks, based on the model of logical procedures and the coverage matrices of features

“…The part of features of the attacks was admitted according to [28,29]. Table 1 Average number of rules, matrices and training steps of ASDCA for detection of typical classes of cyber-attacks in MCCS Note: * -according to data [1,2,15,24,28,29]; ** -features and their information content according to data [28,29]; *** -according to data [1,2,16,24]; **** -according to data [6,8,15,19,24] To test the effectiveness of the proposed model, a series of experiments for main attacks was conducted, shown in Table 1. The example of test results for attacks on SCADA systems is shown in Fig.…”

“…The indicator of danger of each cyber threat depends on the values of a set of factors that increase or decrease the protection of MCCS from a given threat. The indicators, decreasing protection of MCCS are considered to be risk indicators [24], and those increasing it − protection indicators [4,6]. To formalize the dependency of MCCS's degree of protection on corresponding values, one can apply one of the following approaches [16,19,24]: 1) a cyber threat within a class depends on one indicator, i.e.…”

“…[22] considers the possibility of application of MAR splines in ASDCA, enabling building of exact approximation of the behavior of a standard user, or of the attacking side, according to specified parameters. A large number of works is devoted to statistical analysis of the data in ASDCA [15,23], to signature models [24] and theoretical aspects of the use of Markov chains [5,6,24] and the Petri nets [25] for the systems of cyber-attacks recognition.…”

Design of adaptive system of detection of cyber-attacks, based on the model of logical procedures and the coverage matrices of features

“…Neural networks and Hidden Markov Model have been proved to be useful techniques at the network traffic level as shown in in [9] and [10]. However, using ML algorithms in a highly dynamic environment like service clouds have several drawbacks such as increasing performance overhead, storage requirements, and computational expense [11].…”

Volume 2, Issue 3, Special issue on Recent Advances in Engineering Systems (Published Papers) Articles Transmit / Received Beamforming for Frequency Diverse Array with Symmetrical frequency offsets Shaddrack Yaw Nusenu Adv. Sci. Technol. Eng. Syst. J. 2(3), 1-6 (2017); View Description Detailed Analysis of Amplitude and Slope Diffraction Coefficients for knife-edge structure in S-UTD-CH Model Eray Arik, Mehmet Baris Tabakcioglu Adv. Sci. Technol. Eng. Syst. J. 2(3), 7-11 (2017); View Description Applic

“…In a general case, the problem of detection of cyber-attacks to MCIS boils down to the following (Omar, Ngadi, & Jebur, 2013) (Tsai, Hsub, Linc, & Lin, 2009). A certain set of objects is explored; in our case, this is NPT − the number of possible targets from the side that attacks MCIS.…”

Design of Adaptive System for Detection of Cyber-Attacks