Time-Series Modeling for Intrusion Detection Systems

Psychogyios, Konstantinos; Bourou, Stavroula; Papadakis, Andreas; Nikolaou, Nikolaos; Zahariadis, Theodore

doi:10.1007/978-3-031-38333-5_1

Cited by 2 publications

(2 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…At the same time, as machine-learning technologies swiftly advance, their application finds their way into security-related areas. In this direction, datasets from intrusion detection systems (IDS) can be explored, through machine learning, to proactively indicate signals of potentially upcoming or already ongoing attacks [21]. The work converts a classic IDS dataset into a time-series format and uses predictive models to forecast the future (forthcoming malign packets).…”

Section: Positioning and State Of The Artmentioning

confidence: 99%

Vulnerability Identification and Assessment for Critical Infrastructures in the Energy Sector

et al. 2023

Self Cite

View full text Add to dashboard Cite

Vulnerability identification and assessment is a key process in risk management. While enumerations of vulnerabilities are available, it is challenging to identify vulnerability sets focused on the profiles and roles of specific organizations. To this end, we have employed systematized knowledge and relevant standards (including National Electric Sector Cybersecurity Organization Resource (NESCOR), ISO/IEC 27005:2018 and National Vulnerability Database (NVD)) to identify a set of 250 vulnerabilities for operators of energy-related critical infrastructures. We have elaborated a “double-mapping” scheme to associate (arbitrarily) categorized assets, with the pool of identified Physical, Cyber and Human/Organizational vulnerabilities. We have designed and implemented an extensible vulnerability identification and assessment framework, allowing historized assessments, based on the CVSS (Common Vulnerability Scoring System) scoring mechanism. This framework has been extended to allow modelling of the vulnerabilities and assessments using the Structured Threat Information eXpression (STIX) JSON format, as Cyber Threat Intelligence (CTI) information, to facilitate information sharing between Electrical Power and Energy Systems (EPES) and to promote collaboration and interoperability scenarios. Vulnerability assessments from the initial analysis of the project in the context of Research and Technology Development (RTD) projects have been statistically processed, offering insights in terms of the assessment’s importance and distribution. The assessments have also been transformed into a dynamic dataset processed to identify and quantify correlation and start the discussion on the interpretation of the way assessments are performed.

show abstract

Section: Positioning and State Of The Artmentioning

confidence: 99%

Vulnerability Identification and Assessment for Critical Infrastructures in the Energy Sector

et al. 2023

Self Cite

View full text Add to dashboard Cite

show abstract

“…The current manuscript is an extension of the previous work presented at the 2023 International Symposium on Distributed Computing and Artificial Intelligence (DCAI) [30], providing a more complex and robust architecture with more experiments, as well as an ablation study to validate the proposed architecture.…”

mentioning

confidence: 99%

Deep Learning for Intrusion Detection Systems (IDSs) in Time Series Data

Psychogyios,

Papadakis,

Bourou

et al. 2024

Future Internet

View full text Add to dashboard Cite

The advent of computer networks and the internet has drastically altered the means by which we share information and interact with each other. However, this technological advancement has also created opportunities for malevolent behavior, with individuals exploiting vulnerabilities to gain access to confidential data, obstruct activity, etc. To this end, intrusion detection systems (IDSs) are needed to filter malicious traffic and prevent common attacks. In the past, these systems relied on a fixed set of rules or comparisons with previous attacks. However, with the increased availability of computational power and data, machine learning has emerged as a promising solution for this task. While many systems now use this methodology in real-time for a reactive approach to mitigation, we explore the potential of configuring it as a proactive time series prediction. In this work, we delve into this possibility further. More specifically, we convert a classic IDS dataset to a time series format and use predictive models to forecast forthcoming malign packets. We propose a new architecture combining convolutional neural networks, long short-term memory networks, and attention. The findings indicate that our model performs strongly, exhibiting an F1 score and AUC that are within margins of 1% and 3%, respectively, when compared to conventional real-time detection. Also, our architecture achieves an ∼8% F1 score improvement compared to an LSTM (long short-term memory) model.

show abstract

Time-Series Modeling for Intrusion Detection Systems

Cited by 2 publications

References 20 publications

Vulnerability Identification and Assessment for Critical Infrastructures in the Energy Sector

Vulnerability Identification and Assessment for Critical Infrastructures in the Energy Sector

Deep Learning for Intrusion Detection Systems (IDSs) in Time Series Data

Contact Info

Product

Resources

About