Network Anomaly Detection System: The State of Art of Network Behaviour Analysis

Lim, Shu Yun; Jones, Albert

doi:10.1109/ichit.2008.249

Cited by 27 publications

(13 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The machine learning type generates a whitelist or threshold that distinguishes anomaly from the normal users' communications [7]. The statistical analysis type finds anomaly connections, hosts, or packets as outliers [8].…”

Section: Related Workmentioning

confidence: 99%

RAT-based malicious activities detection on enterprise internal networks

Yamada

Morinaga

Unno

et al. 2015

2015 10th International Conference for Internet Technology and Secured Transactions (ICITST)

View full text Add to dashboard Cite

The detection of APT has recently become an urgent problem needing to be resolved. Attackers use Remote Access Trojan/Remote Administration Tools (RATs), which often bypass general security measures, and the traditional detection techniques don't consider reconnaissance activities after RAT infections. We analyzed the behavior of the reconnaissance for this paper so that RAT-based malicious activities on internal networks can be divided from the operations of normal users. Based on the features of their behaviors, we propose a detection technique that monitors the communications on internal networks and extracts the communication sequences of the reconnaissance. The result from our evaluation showed that the proposed technique can detect 99.26 % of the experimental reconnaissance communications by using the real 34 RATs (29 families) and 4 SMB-based remote management methods, and also work without false-positive on an actual organization's internal network.

show abstract

Section: Related Workmentioning

confidence: 99%

RAT-based malicious activities detection on enterprise internal networks

Yamada

Morinaga

Unno

et al. 2015

2015 10th International Conference for Internet Technology and Secured Transactions (ICITST)

View full text Add to dashboard Cite

show abstract

“…They differ according to the information used for analysis and according to techniques that are used to detect deviations from normal behavior. Lim and Jones in [3] proposed two types of anomaly detection techniques based on employed techniques: the learning model method and the specification model. The learning approach is based on the application of machine learning techniques, to automatically obtain a representation of normal behaviors from the analysis of system activities.…”

Section: Related Workmentioning

confidence: 99%

“…Commercial products applying rule based, statistical based, model based and neural networks approach to detected anomalies are briefly described in [3].…”

Section: Fig 1 Taxonomy Of Anomaly Detection Behavioral Model (Basementioning

confidence: 99%

Learning Algorithms in the Detection of Unused Functionalities in SOA Systems

Bluemke

Tarka

2013

Computer Information Systems and Industrial Management

View full text Add to dashboard Cite

Abstract. The objective of this paper is to present an application of learning algorithms to the detection of anomalies in SOA system. As it was not possible to inject errors into the "real" SOA system and to analyze the effect of these errors, a special model of SOA system was designed and implemented. In this system several anomalies were introduced and the effectiveness of algorithms in detecting them were measured. The results of experiments can be used to select efficient algorithm for anomaly detection. Two algorithms: K-means clustering and Kohonen networks were used to detect the unused functionalities and the results of this experiment are discussed. IntroductionWith the growth of computer networking, electronic commerce, and web services, security of networking systems has become very important. Many companies now rely on web services as a major source of revenue. Computer hacking poses significant problems to these companies, as distributed attacks can make their systems or services inoperable for some period of time. As this happens often, an entire area of research, called Intrusion Detection, is devoted to detect these activities. Nowadays many system are based on Service Oriented Architecture (SOA) [1,2] idea. A system based on SOA provides functionalities as a suite of interoperable services that can be used within multiple, separate systems from several business domains. SOA also provides a way for consumers of services, such as web-based applications, to be aware of available SOA-based services. Service-orientation requires loose coupling of services with operating systems, and other technologies that underly applications. SOA separates functionality into distinct units, or services, which developers make accessible over a network in order to allow users to combine and reuse them in the production of applications.The objective of this paper is to present the detection of anomalies in SOA systems by learning algorithms. Related work is presented in section 2 and in section 3, a special model of SOA system which was used in experiments, is presented. In this systems several anomalies were introduced. Four algorithms: Chi-Square statistics, k-means clustering, emerging patterns and Kohonen networks were used to detect anomalies. Detection of anomalies by k-means and Kohonen networks is presented in section 4 and some conclusions are given in section 5.

show abstract

“…Discriminant models are inherently supervised. In [16], both learning-based and specification-based behavior models are reviewed as applied to intrusion detection. This paper looks at the learning-based approach in terms taxonomy defined as: rule-based, modelbased, and statistical based.…”

Section: B Generative and Discriminative Approaches In Intrusion Detmentioning

confidence: 99%

A combined discriminative and generative behavior model for cyber physical system defense

McCusker

Brunza

Dasgupta

et al. 2013

2013 6th International Symposium on Resilient Control Systems (ISRCS)

View full text Add to dashboard Cite

In this position paper we explore the use of behavior models as an enabling methodology in the promotion of a more holistic understanding of CPS that can bridge both cyber and physical domains. Thus, we investigate the use of aggregate behavior analysis techniques combined in both cyber and physical domains. Ultimately, our work focuses on the development of a cyber-physical behavior model that leverages behavior aggregation promoting the creation of a long-view sense-making capability driven by both cyber and physical observations. We look to the use of this approach to establish the ability to anticipate malicious activity in CPS, rather that react.

show abstract

Network Anomaly Detection System: The State of Art of Network Behaviour Analysis

Cited by 27 publications

References 10 publications

RAT-based malicious activities detection on enterprise internal networks

RAT-based malicious activities detection on enterprise internal networks

Learning Algorithms in the Detection of Unused Functionalities in SOA Systems

A combined discriminative and generative behavior model for cyber physical system defense

Contact Info

Product

Resources

About