UGRansome1819: A Novel Dataset for Anomaly Detection and Zero-Day Threats

Nkongolo, Mike; Deventer, J. P. van; Kasongo, Sydney Mambwe

doi:10.3390/info12100405

Cited by 17 publications

(61 citation statements)

References 55 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…That proposed method reduced the false alarm rate lower than the signaturebased method. Mike Nkongolo et al [75] proposed a novel dataset, UGRansome1819, to detect unknown network attacks like zero-day threats. That proposed dataset benefited from unknown attacks that were not explored before and could not be observed by known attacks that were more efficient than the KDD99 and NSL-KDD datasets.…”

Section: Deep Learning (Dl) and Machine Learning Based Nidsmentioning

confidence: 99%

Deep Analysis of Risks and Recent Trends Towards Network Intrusion Detection System

Shankar¹,

George²,

S³

et al. 2023

IJACSA

View full text Add to dashboard Cite

In the modern world, information security and communications concerns are growing due to increasing attacks and abnormalities. The presence of attacks and intrusion in the network may affect various fields such as social welfare, economic issues and data storage. Thus intrusion detection (ID) is a broad research area, and various methods have emerged over the years. Hence, detecting and classifying new attacks from several attacks are complicated tasks in the network. This review categorizes the security threats and challenges in the network by accessing present ID techniques. The major objective of this study is to review conventional tools and datasets for implementing network intrusion detection systems (NIDS) with open source malware scanning software. Furthermore, it examines and compares state-of-art NIDS approaches in regard to construction, deployment, detection, attack and validation parameters. This review deals with machine learning (ML) based and deep learning (DL) based NIDS techniques and then deliberates future research on unknown and known attacks.

show abstract

Section: Deep Learning (Dl) and Machine Learning Based Nidsmentioning

confidence: 99%

Deep Analysis of Risks and Recent Trends Towards Network Intrusion Detection System

Shankar¹,

George²,

S³

et al. 2023

IJACSA

View full text Add to dashboard Cite

show abstract

“…This Supervised Learning framework forms the basis for cyclostationary malware detection, with a focus on legacy datasets like the Knowledge Discovery and Data Mining (KDD99) and Network Security Laboratory-Knowledge Discovery and Data Mining (NSL-KDD), as illustrated in Figure 1. Our objective is to uncover cyclostationary patterns within these datasets, paralleled by the application of the cyclostationary dataset, UGRansome [13], to achieve the same goal. The Supervised Learning framework employs two key algorithms, the Support Vector Machine (SVM) and Random Forest (RF), selected for comparative analysis.…”

Section: Limitations In Existing Workmentioning

confidence: 99%

“…This imbalance signifies a scenario where one class is more prevalent than another. Consequently, the data distribution tilts in favor of a specific category, potentially biasing the Machine Learning classification outcomes towards that favored class [13]. The training set of the KDD99 dataset contains 4,898,431 rows, corresponding to 2,984,154 observations.…”

Section: The Kdd99 Datasetmentioning

confidence: 99%

“…The term cyclostationarity is employed to characterize the traffic patterns of zero-day threats [17], which can vary based on network attributes. This research analyzes the cyclostationarity of both known and unknown zero-day threats [16], driven by the dearth of cyclostationary datasets for Network Intrusion Detection Problems (NIDP) to comprehend the cyclostationarity of long-term evolving malware like zero-day threats. In contrast to previous methodologies, this article avoids unnecessary abstraction of cyclostationarity.…”

Section: Introductionmentioning

confidence: 99%

“…Experimental results concerning cyclostationary feature pattern recognition are presented in Section 4, while Section 5 furnishes the research's conclusions. A cyclostationary malware represents a type of network threat characterized by its irregular attributes that exhibit cyclic variations over time [13]. In the context of cyclostationary network traffic, the traffic can be divided into discrete segments such as T 1 , T 2 , ..., Tn, with the malwares often concealed within these anomalous traffic segments.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

The Application of Cyclostationary Malware Detection Using Boruta and PCA

Nkongolo

Deventer

Kasongo

2022

Computer Networks and Inventive Communication Technologies

Self Cite

View full text Add to dashboard Cite

Cyclostationarity involves periodic statistical variations in signals and processes, commonly used in signal analysis and network security. In the context of attacks, cyclostationarity helps detect malicious behaviors within network traffic, such as traffic patterns in Distributed Denial of Service (DDoS) attacks or hidden communication channels in malware. This approach enhances security by identifying abnormal patterns and informing Network Intrusion Detection Systems (NIDSs) to recognize potential attacks, enhancing protection against both known and novel threats. This research focuses on identifying cyclostationary malware behavior and its detection. The main goal is to pinpoint essential cyclostationary features used in NIDSs. These features are extracted using algorithms such as Boruta and Principal Component Analysis (PCA), and then categorized to find the most significant cyclostationary patterns. The aim of this article is to reveal periodically changing malware behaviors through cyclostationarity. The study highlights the importance of spotting cyclostationary malware in NIDSs by using established datasets like KDD99, NSL-KDD, and the UGRansome dataset. The UGRansome dataset is designed for anomaly detection research and includes both normal and abnormal network threat categories of zeroday attacks. A comparison is made using the Random Forest (RF) and Support Vector Machine (SVM) algorithms, while also evaluating the effectiveness of Boruta and PCA. The findings show that PCA is more promising than using Boruta alone for extracting cyclostationary network feature patterns. Additionally, the analysis identifies the internet protocol as the most noticeable cyclostationary feature pattern used by malware. Notably, the UGRansome dataset outperforms the KDD99 and NSL-KDD, achieving 99% accuracy in signature malware detection using the RF algorithm and 98% with the SVM. The research suggests that the UGRansome dataset is a valuable choice for studying anomaly and cyclostationary malware detection efficiently. Lastly, the study recommends using the RF algorithm for effectively categorizing and detecting cyclostationary malware behaviors.

show abstract

Zero-Day Threats Detection for Critical Infrastructures

Nkongolo

Tokmak

2023

Communications in Computer and Information Science

View full text Add to dashboard Cite

UGRansome1819: A Novel Dataset for Anomaly Detection and Zero-Day Threats

Cited by 17 publications

References 55 publications

Deep Analysis of Risks and Recent Trends Towards Network Intrusion Detection System

Deep Analysis of Risks and Recent Trends Towards Network Intrusion Detection System

The Application of Cyclostationary Malware Detection Using Boruta and PCA

Zero-Day Threats Detection for Critical Infrastructures

Contact Info

Product

Resources

About