Two Stage Anomaly Detection for Network Intrusion Detection

Neuschmied, Helmut; Winter, Martin; Hofer-Schmitz, Katharina; Stojanović, Branka; Kleb, Ulrike

doi:10.5220/0010233404500457

Cited by 11 publications

(7 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Due to such reasons, implementing a general defence approach or application for APT attacks proves to be very difficult, even unlikely. Therefore, this work contributes to this challenge by evaluating the multi-stage approach from [14] for anomaly detection. In this way, our proposed approach contributes to the above-mentioned challenges with the goal to make anomaly-detection findings more understandable.…”

Section: Related Workmentioning

confidence: 99%

“…In addition, the test dataset is further used for the additional testing of algorithms on previously unknown attack types. For the conducted tests, the following algorithms were applied: This two-stage approach, as presented in the previous work in [14], combines both models, which underlying idea is depicted in Figure 3. In a first step-referred to as the pre-processing or filtering step-a fast anomaly detector filters out data which, with a very high probability, does not belong to any anomaly.…”

Section: Anomaly Detection With Autoencodersmentioning

confidence: 99%

“…The corresponding performance metric for model optimisation represents the area under the ROC curve (AUC). The parameter set that was selected for optimisation can be observed in Table 3, as shown in the previous work in [14].…”

Section: Hyper-parameter Optimisationmentioning

confidence: 99%

“…This paper builds upon previous works from [14,15], where a novel two-stage approach for anomaly detection, relying on autoencoders, was introduced. In this work, we additionally investigated several anomaly-detection methods with an emphasis on filtering methods and performance evaluation on two datasets.…”

Section: Introductionmentioning

confidence: 96%

See 3 more Smart Citations

APT-Attack Detection Based on Multi-Stage Autoencoders

et al. 2022

Self Cite

View full text Add to dashboard Cite

In the face of emerging technological achievements, cyber security remains a significant issue. Despite the new possibilities that arise with such development, these do not come without a drawback. Attackers make use of the new possibilities to take advantage of possible security defects in new systems. Advanced-persistent-threat (APT) attacks represent sophisticated attacks that are executed in multiple steps. In particular, network systems represent a common target for APT attacks where known or yet undiscovered vulnerabilities are exploited. For this reason, intrusion detection systems (IDS) are applied to identify malicious behavioural patterns in existing network datasets. In recent times, machine-learning (ML) algorithms are used to distinguish between benign and anomalous activity in such datasets. The application of such methods, especially autoencoders, has received attention for achieving good detection results for APT attacks. This paper builds on this fact and applies several autoencoder-based methods for the detection of such attack patterns in two datasets created by combining two publicly available benchmark datasets. In addition to that, statistical analysis is used to determine features to supplement the anomaly detection process. An anomaly detector is implemented and evaluated on a combination of both datasets, including two experiment instances–APT-attack detection in an independent test dataset and in a zero-day-attack test dataset. The conducted experiments provide promising results on the plausibility of features and the performance of applied algorithms. Finally, a discussion is provided with suggestions of improvements in the anomaly detector.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Anomaly Detection With Autoencodersmentioning

confidence: 99%

Section: Hyper-parameter Optimisationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 96%

See 2 more Smart Citations

APT-Attack Detection Based on Multi-Stage Autoencoders

et al. 2022

Self Cite

View full text Add to dashboard Cite

show abstract

“…Authors in [14] used a novel method that combines isolation forest and One Class Support Vector Machine (OCSVM) with an active learning method to detect attacks with no prior information. Authors in [15] used a two-stage approach combining a fast preprocessing or filtering method with a variation auto encoder using reconstruction probability. Authors in [16] performed a Distributed Denial of Service (DDoS) attack using the ping of death technique and detected it using RF algorithm by using the WEKA tool with classification accuracy of 99.76%.…”

Section: Related Workmentioning

confidence: 99%

Attack Detection in IoT using Machine Learning

Anwer

Khan

Farooq

et al. 2021

Eng. Technol. Appl. Sci. Res.

View full text Add to dashboard Cite

Many researchers have examined the risks imposed by the Internet of Things (IoT) devices on big companies and smart towns. Due to the high adoption of IoT, their character, inherent mobility, and standardization limitations, smart mechanisms, capable of automatically detecting suspicious movement on IoT devices connected to the local networks are needed. With the increase of IoT devices connected through internet, the capacity of web traffic increased. Due to this change, attack detection through common methods and old data processing techniques is now obsolete. Detection of attacks in IoT and detecting malicious traffic in the early stages is a very challenging problem due to the increase in the size of network traffic. In this paper, a framework is recommended for the detection of malicious network traffic. The framework uses three popular classification-based malicious network traffic detection methods, namely Support Vector Machine (SVM), Gradient Boosted Decision Trees (GBDT), and Random Forest (RF), with RF supervised machine learning algorithm achieving far better accuracy (85.34%). The dataset NSL KDD was used in the recommended framework and the performances in terms of training, predicting time, specificity, and accuracy were compared.

show abstract

Autoperman: Automatic Network Traffic Anomaly Detection with Ensemble Learning

Han

Zhang

et al. 2022

Advances in Artificial Intelligence and Security

View full text Add to dashboard Cite

Two Stage Anomaly Detection for Network Intrusion Detection

Cited by 11 publications

References 0 publications

APT-Attack Detection Based on Multi-Stage Autoencoders

APT-Attack Detection Based on Multi-Stage Autoencoders

Attack Detection in IoT using Machine Learning

Autoperman: Automatic Network Traffic Anomaly Detection with Ensemble Learning

Contact Info

Product

Resources

About