Performance Evaluation of a Combined Anomaly Detection Platform

Monshizadeh, Mehrnoosh; Khatri, Vikramajeet; Atli, Buse Gul; Kantola, Raimo; Yan, Zheng

doi:10.1109/access.2019.2930832

Cited by 26 publications

(15 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The proposed architecture in the current paper is a continuation of ongoing research that has been published previously as Hybrid Anomaly Detection Model (HADM) [1]. The architecture comprises a random forest classifier and a feature selection/extraction algorithm as shown in Fig.…”

Section: Architecturementioning

confidence: 99%

“…In addition, the IP address and hexadecimal Medium Access Control (MAC) address of the applied datasets are transformed into separate numeric attributes. Each numeric attribute is normalized using batch mean and standard deviation unless there is an already defined range (e.g., IP address range) [1].…”

Section: B Data Preprocessingmentioning

confidence: 99%

“…In a prior study [1], the authors applied various feature selection methods to achieve the highest efficiency for attack detection. However, in the earlier study, various challenges such as data generalization and overfitting had been discovered and in the current paper, the authors propose an architecture to overcome the addressed issue.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Improving Data Generalization With Variational Autoencoders for Network Traffic Anomaly Detection

et al. 2021

Self Cite

View full text Add to dashboard Cite

Deep generative models have increasingly become popular in different domains such as image processing, though, they hardly appear in the cybersecurity arena. While the main application of these models is dimensionality reduction, marginally they have been utilized for overcoming challenges such as data generalization and overfitting issues inherited from feature selection methods. To solve the mentioned challenges, we propose a combined architecture comprising a Conditional Variational AutoEncoder (CVAE) and a Random Forest (RF) classifier to automatically learn similarity among input features, provide data distribution in order to extract discriminative features from original features, and finally classify various types of attacks. CVAE introduces the labels of traffic packets into a latent space in order to better learn the changes of input samples and distinguish the data characteristics of each class. It avoids the confusion between classes while learning the whole data distribution. Compared with feature selection mechanisms such as Support Vector Machine Online (SVMo) by considering various evaluation metrics, the proposed architecture demonstrates considerable improvement in terms of performance. To verify the versatility of the proposed architecture, two publicly available datasets have been used in experiments.

show abstract

Section: Architecturementioning

confidence: 99%

Section: B Data Preprocessingmentioning

confidence: 99%

See 1 more Smart Citation

Improving Data Generalization With Variational Autoencoders for Network Traffic Anomaly Detection

et al. 2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…Concretely, ZEEK/Bro is ready to work with external intelligent modules for IDS functionality enhancements. Examples of such modules include our prior work [62] and the works [65], [66].…”

Section: Zeek/bro and Hybrid Security Solutionmentioning

confidence: 99%

Deep Learning for Proactive Network Monitoring and Security Protection

et al. 2020

View full text Add to dashboard Cite

The work presented in this paper deals with a proactive network monitoring for security and protection of computing infrastructures. We provide an exploitation of an intelligent module, in the form of a as a machine learning application using deep learning modeling, in order to enhance functionality of intrusion detection system supervising network traffic flows. Currently, intrusion detection systems work well for network monitoring in near real-time and they effectively deal with threats in a reactive way. Deep learning is the emerging generation of artificial intelligence techniques and one of the most promising candidates for intelligence integration into traditional solutions leading to quality improvement of the original solutions. The work presented in this paper faces the challenge of cooperation between deep learning techniques and large-scale data processing. The outcomes obtained from extensive and careful experiments show the applicability and feasibility of simultaneously modelled multiple monitoring channels using deep learning techniques. The proper joining of deep learning modelling with scalable data preprocessing ensures high quality and stability of model performance in dynamic and fast-changing environments such as network traffic flow monitoring.

show abstract

“…Monshizadeh et al [51] proposed a hybrid anomaly detection model, which is a platform that filters network traffic and identifies malicious activities on the network. The platform uses a combination of linear and learning algorithms combined with a protocol analyzer.…”

Section: Related Workmentioning

confidence: 99%

An Efficient Intrusion Detection Model Based on Hybridization of Artificial Bee Colony and Dragonfly Algorithms for Training Multilayer Perceptrons

et al. 2020

View full text Add to dashboard Cite

One of the most persistent challenges concerning network security is to build a model capable of detecting intrusions in network systems. The issue has been extensively addressed in uncountable researches and using various techniques, of which a commonly used technique is that based on detecting intrusions in contrast to normal network traffic and the classification of network packets as either normal or abnormal. However, the problem of improving the accuracy and efficiency of classification models remains open and yet to be resolved. This study proposes a new binary classification model for intrusion detection, based on hybridization of Artificial Bee Colony algorithm (ABC) and Dragonfly algorithm (DA) for training an artificial neural network (ANN) in order to increase the classification accuracy rate for malicious and non-malicious traffic in networks. At first the model selects the suitable biases and weights utilizing a hybrid (ABC) and (DA). Next, the neural network is retrained using these ideal values in order for the intrusion detection model to be able to recognize new attacks. Ten other metaheuristic algorithms were adapted to train the neural network and their performances were compared with that of the proposed model. In addition, four types of intrusion detection evaluation datasets were applied to evaluate the proposed model in comparison to the others. The results of our experiments have demonstrated a significant improvement in inefficient network intrusion detection over other classification methods. INDEX TERMS Intrusion Detection System (IDS); Multilayer Perceptron (MLP); Metaheuristic Algorithm (MA); Artificial Bee Colony Algorithm (ABC); Dragonfly algorithm (DA)

show abstract

Performance Evaluation of a Combined Anomaly Detection Platform

Cited by 26 publications

References 13 publications

Improving Data Generalization With Variational Autoencoders for Network Traffic Anomaly Detection

Improving Data Generalization With Variational Autoencoders for Network Traffic Anomaly Detection

Deep Learning for Proactive Network Monitoring and Security Protection

An Efficient Intrusion Detection Model Based on Hybridization of Artificial Bee Colony and Dragonfly Algorithms for Training Multilayer Perceptrons

Contact Info

Product

Resources

About