Performance evaluation of unsupervised techniques in cyber-attack anomaly detection

Meira, Jorge Augusto; Andrade, Rui; Praça, Isabel; Carneiro, João; Bolón-Canedo, Verónica; Alonso‐Betanzos, Amparo; Marreiros, Goreti

doi:10.1007/s12652-019-01417-9

Cited by 50 publications

(17 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, the degree of freedom of the Machine Learning model was not considered in [3] to evaluate the number of adjustable parameters or weights and [51] suggested to fine-tune "hyper-parameters" in the framework doing the learning, but it is still not an optimal evaluation approach. In [52,53], various assessment methods have been suggested to test and assess Machine Learning models without mentioning the confusion matrix. Recently, Maseer et al [54] have used the CICIDS 2017 dataset to evaluate the Machine Learning model but the time complexity and confusion matrix were not considered.…”

Section: Ip Addressmentioning

confidence: 99%

“…Recently, Maseer et al [54] have used the CICIDS 2017 dataset to evaluate the Machine Learning model but the time complexity and confusion matrix were not considered. The discussion of the validation drawbacks presented in [3,[51][52][53][54]] is summarised in Table 3. Reference Drawbacks [3] The time complexity was not considered.…”

Section: Ip Addressmentioning

confidence: 99%

“…[51] Lack of robust validation methods. [52] The confusion matrix was not considered. [53] Binary stratification was considered without confusion matrix.…”

Section: Ip Addressmentioning

confidence: 99%

See 2 more Smart Citations

UGRansome1819: A Novel Dataset for Anomaly Detection and Zero-Day Threats

2021

View full text Add to dashboard Cite

This research attempts to introduce the production methodology of an anomaly detection dataset using ten desirable requirements. Subsequently, the article presents the produced dataset named UGRansome, created with up-to-date and modern network traffic (netflow), which represents cyclostationary patterns of normal and abnormal classes of threatening behaviours. It was discovered that the timestamp of various network attacks is inferior to one minute and this feature pattern was used to record the time taken by the threat to infiltrate a network node. The main asset of the proposed dataset is its implication in the detection of zero-day attacks and anomalies that have not been explored before and cannot be recognised by known threats signatures. For instance, the UDP Scan attack has been found to utilise the lowest netflow in the corpus, while the Razy utilises the highest one. In turn, the EDA2 and Globe malware are the most abnormal zero-day threats in the proposed dataset. These feature patterns are included in the corpus, but derived from two well-known datasets, namely, UGR’16 and ransomware that include real-life instances. The former incorporates cyclostationary patterns while the latter includes ransomware features. The UGRansome dataset was tested with cross-validation and compared to the KDD99 and NSL-KDD datasets to assess the performance of Ensemble Learning algorithms. False alarms have been minimized with a null empirical error during the experiment, which demonstrates that implementing the Random Forest algorithm applied to UGRansome can facilitate accurate results to enhance zero-day threats detection. Additionally, most zero-day threats such as Razy, Globe, EDA2, and TowerWeb are recognised as advanced persistent threats that are cyclostationary in nature and it is predicted that they will be using spamming and phishing for intrusion. Lastly, achieving the UGRansome balance was found to be NP-Hard due to real life-threatening classes that do not have a uniform distribution in terms of several instances.

show abstract

Section: Ip Addressmentioning

confidence: 99%

Section: Ip Addressmentioning

confidence: 99%

See 1 more Smart Citation

UGRansome1819: A Novel Dataset for Anomaly Detection and Zero-Day Threats

2021

View full text Add to dashboard Cite

show abstract

“…They also published an available dataset of 17,880 annotated job ads, retrieved from the use of a real-life system. An empirical study of different unsupervised learning algorithms used in the detection of unknown attacks was presented by Meira et al (2020). reviewed different intrusion detection system datasets in detail.…”

Section: Literature Reviewsmentioning

confidence: 99%

Cyber risk and cybersecurity: a systematic review of data availability

Cremer

Sheehan

Fortmann

et al. 2022

Geneva Pap Risk Insur Issues Pract

145

View full text Add to dashboard Cite

Cybercrime is estimated to have cost the global economy just under USD 1 trillion in 2020, indicating an increase of more than 50% since 2018. With the average cyber insurance claim rising from USD 145,000 in 2019 to USD 359,000 in 2020, there is a growing necessity for better cyber information sources, standardised databases, mandatory reporting and public awareness. This research analyses the extant academic and industry literature on cybersecurity and cyber risk management with a particular focus on data availability. From a preliminary search resulting in 5219 cyber peer-reviewed studies, the application of the systematic methodology resulted in 79 unique datasets. We posit that the lack of available data on cyber risk poses a serious problem for stakeholders seeking to tackle this issue. In particular, we identify a lacuna in open databases that undermine collective endeavours to better manage this set of risks. The resulting data evaluation and categorisation will support cybersecurity researchers and the insurance industry in their efforts to comprehend, metricise and manage cyber risks.

show abstract

“…These methods are present in numerous domains and research fields. These can be found in industrial machinery failure [28][29][30], credit card fraud [31][32][33], image processing [34,35], medical and public health [36][37][38], network intrusion [39][40][41][42], and others [43][44][45][46][47]. We focused on One-Class Classification (OCC) [17] methods to understand whether we could improve the results of the best classification algorithm.…”

Section: Computational Techniquesmentioning

confidence: 99%

Anomaly Detection on Natural Language Processing to Improve Predictions on Tourist Preferences

et al. 2022

Self Cite

View full text Add to dashboard Cite

Argumentation-based dialogue models have shown to be appropriate for decision contexts in which it is intended to overcome the lack of interaction between decision-makers, either because they are dispersed, they are too many, or they are simply not even known. However, to support decision processes with argumentation-based dialogue models, it is necessary to have knowledge of certain aspects that are specific to each decision-maker, such as preferences, interests, and limitations, among others. Failure to obtain this knowledge could ruin the model’s success. In this work, we sought to facilitate the information acquisition process by studying strategies to automatically predict the tourists’ preferences (ratings) in relation to points of interest based on their reviews. We explored different Machine Learning methods to predict users’ ratings. We used Natural Language Processing strategies to predict whether a review is positive or negative and the rating assigned by users on a scale of 1 to 5. We then applied supervised methods such as Logistic Regression, Random Forest, Decision Trees, K-Nearest Neighbors, and Recurrent Neural Networks to determine whether a tourist likes/dislikes a given point of interest. We also used a distinctive approach in this field through unsupervised techniques for anomaly detection problems. The goal was to improve the supervised model in identifying only those tourists who truly like or dislike a particular point of interest, in which the main objective is not to identify everyone, but fundamentally not to fail those who are identified in those conditions. The experiments carried out showed that the developed models could predict with high accuracy whether a review is positive or negative but have some difficulty in accurately predicting the rating assigned by users. Unsupervised method Local Outlier Factor improved the results, reducing Logistic Regression false positives with an associated cost of increasing false negatives.

show abstract

Performance evaluation of unsupervised techniques in cyber-attack anomaly detection

Cited by 50 publications

References 23 publications

UGRansome1819: A Novel Dataset for Anomaly Detection and Zero-Day Threats

UGRansome1819: A Novel Dataset for Anomaly Detection and Zero-Day Threats

Cyber risk and cybersecurity: a systematic review of data availability

Anomaly Detection on Natural Language Processing to Improve Predictions on Tourist Preferences

Contact Info

Product

Resources

About