Network Intrusion Detection with Threat Agent Profiling

Bajtoš, Tomáš; Gajdoš, Andrej; Kleinova, Lenka; Lučivjanská, Katarína; Sokol, Pavol

doi:10.1155/2018/3614093

Cited by 14 publications

(6 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Intrusion Attack: Unauthorized access of computer resources and potential information that violates the integrity is known as an Intrusion attack where the attacker can attack in the application layer, transport layer, and network layer [74]. Several Intrusion Detection systems are designed to monitor data traffic, recognizing any harmful actions [9].…”

Section: Captcha Breaking: Captcha (Completely Automatedmentioning

confidence: 99%

Untitled

2021

JESTR

View full text Add to dashboard Cite

The emergence of the cloud computing paradigm has influenced business organizations for migration over two decades. This has enabled a more incredible communication speed paired with a better fault tolerance of web-based applications and the scope of having practically unlimited storage available for the user and business data. Such colossal data availability over cloud platforms has increased concerns about the security of the same from various threats such as unauthorized eavesdropping, deliberate malicious mutation of data, loss of data integrity, and identity theft. The presence of such security vulnerabilities has rendered cloud security to be an active research area. This article aims to deep dive into the present stateof-the-art in cloud security research and mitigation approaches. It is observed that cloud storage, cloud services are the widely used applications among the organization. However, vulnerabilities and security challenges faced by this two area is maximum. Besides, outsourcing sensitive information to cloud service provider's (CSP) end leads to trust issues among organizations. This article performs a detailed comparative analysis of the security frameworks developed towards cloud storage level, cloud service level, and cloud trust level to date and throws light on future research directives. All the existing research has been evaluated against CIA (confidentiality, Integrity, Availability) principles here.

show abstract

Section: Captcha Breaking: Captcha (Completely Automatedmentioning

confidence: 99%

Untitled

2021

JESTR

View full text Add to dashboard Cite

show abstract

“…The data set offers an up-to-date view of network security alerts and reflects the current cybersecurity threat landscape. The data set encourages experimenting with the advanced methods of alert aggregation and correlation [4] , including temporal and spatial correlations [6] , reputation scoring [7] , attack scenario reconstruction [8] , and attack projection [9] . Alert correlation and attack scenario reconstructions methods allow inferring insights into the behavior of the attackers.…”

Section: Value Of the Datamentioning

confidence: 99%

“…It is vital for cybersecurity to update data sets and traces of attacks as new ones appear continuously [5] . Temporal and spatial correlations allow for characterizing the overall cybersecurity situation and its changes in time [6] . Reputation scoring helps in assembling effective blacklists [7] .…”

Section: Value Of the Datamentioning

confidence: 99%

“…The data set encourages experimenting with the advanced methods of alert aggregation and correlation [4] , including temporal and spatial correlations [6] , reputation scoring [7] , attack scenario reconstruction [8] , and attack projection [9] .…”

Section: Value Of the Datamentioning

confidence: 99%

“…Temporal and spatial correlations allow for characterizing the overall cybersecurity situation and its changes in time [6] . Reputation scoring helps in assembling effective blacklists [7] .…”

Section: Value Of the Datamentioning

confidence: 99%

See 2 more Smart Citations

Dataset of intrusion detection alerts from a sharing platform

et al. 2020

Self Cite

View full text Add to dashboard Cite

The dataset contains intrusion detection alerts obtained via an alert sharing platform (SABU) for one week. A plethora of heterogeneous intrusion detection systems deployed across several organizations contributed to the sharing platform. The alerts are stored in the intrusion Detection Extensible Alert (IDEA) format and categorized using the eCSIRT.net Incident Taxonomy. Dataset can be used in several areas of cybersecurity research for the analysis of intrusion detection alerts including temporal and spatial correlations, reputation scoring, attack scenario reconstruction, and attack projection. The network identifiers (e.g., IP addresses, hostnames) are anonymized. However, the list of interesting features (e.g., presence on blacklists, geolocation) of such entities at the time of data collection is provided.

show abstract

Cloud-Based Zero Trust Access Control Policy: An Approach to Support Work-From-Home Driven by COVID-19 Pandemic

2021

View full text Add to dashboard Cite

The ubiquitous cloud computing services provide a new paradigm to the work-from-home environment adopted by the enterprise in the unprecedented crisis of the COVID-19 outbreak. However, the change in work culture would also increase the chances of the cybersecurity attack, MAC spoofing attack, and DDoS/DoS attack due to the divergent incoming traffic from the untrusted network for accessing the enterprise’s resources. Networks are usually unable to detect spoofing if the intruder already forges the host’s MAC address. However, the techniques used in the existing researches mistakenly classify the malicious host as the legitimate one. This paper proposes a novel access control policy based on a zero-trust network by explicitly restricting the incoming network traffic to substantiate MAC spoofing attacks in the software-defined network (SDN) paradigm of cloud computing. The multiplicative increase and additive decrease algorithm helps to detect the advanced MAC spoofing attack before penetrating the SDN-based cloud resources. Based on the proposed approach, a dynamic threshold is assigned to the incoming port number. The self-learning feature of the threshold stamping helps to rectify a legitimate user’s traffic before classifying it to the attacker. Finally, the mathematical and experimental results exhibit high accuracy and detection rate than the existing methodologies. The novelty of this approach strengthens the security of the SDN paradigm of cloud resources by redefining conventional access control policy.

show abstract

Network Intrusion Detection with Threat Agent Profiling

Cited by 14 publications

References 39 publications

Untitled

Untitled

Dataset of intrusion detection alerts from a sharing platform

Cloud-Based Zero Trust Access Control Policy: An Approach to Support Work-From-Home Driven by COVID-19 Pandemic

Contact Info

Product

Resources

About