Author

Pedro García-Teodoro

Bio: Pedro García-Teodoro is an academic researcher from the University of Granada. The author has contributed to research in the topics Intrusion detection system and Anomaly detection. The author has an h-index of 18 and has co-authored 77 publications receiving 2813 citations.


Papers
Journal ArticleDOI
TL;DR: The main challenges to be dealt with for the wide scale deployment of anomaly-based intrusion detectors, with special emphasis on assessment issues are outlined.

1,712 citations

Journal ArticleDOI
TL;DR: A survey on current anomaly detection methods for network intrusion detection in classical wired environments and describes the problems addressed by these methods as well as the problems that still remain open.

175 citations

Journal ArticleDOI
TL;DR: A comprehensive review of existing datasets is first done, with emphasis on their main shortcomings; then a new dataset is presented, built with real traffic and up-to-date attacks, that is useful for evaluating IDSs that consider long-term evolution and traffic periodicity.

147 citations

Journal ArticleDOI
TL;DR: A taxonomy of botnet research is proposed and it is concluded that all attempts to defeat botnets should be focused on one or more stages of this life-cycle, defined as the sequence of stages a botnet needs to pass through in order to reach its goal.
Abstract: Of all current threats to cybersecurity, botnets are at the top of the list. In consequence, interest in this problem is increasing rapidly among the research community and the number of publications on the question has grown exponentially in recent years. This article proposes a taxonomy of botnet research and presents a survey of the field to provide a comprehensive overview of all these contributions. Furthermore, we hope to provide researchers with a clear perspective of the gaps that remain to be filled in our defenses against botnets. The taxonomy is based upon the botnet's life-cycle, defined as the sequence of stages a botnet needs to pass through in order to reach its goal. This approach allows us to consider the problem of botnets from a global perspective, which constitutes a key difference from other taxonomies that have been proposed. Under this novel taxonomy, we conclude that all attempts to defeat botnets should be focused on one or more stages of this life-cycle. In fact, the sustained hindering of any of the stages makes it possible to thwart a botnet's progress and thus render it useless. We test the potential capabilities of our taxonomy by means of a survey of current botnet research, and find it genuinely useful in understanding the focus of the different contributions in this field.

111 citations

Journal ArticleDOI
TL;DR: A novel approach intended not just to detect ransomware early but to completely thwart its action; it does not require previous training or knowledge and allows fighting against unknown, zero-day ransomware-related attacks.

102 citations


Cited by

Journal ArticleDOI
TL;DR: The complexity of ML/DM algorithms is addressed, a discussion of the challenges of using ML/DM for cyber security is presented, and some recommendations on when to use a given method are provided.
Abstract: This survey paper describes a focused literature survey of machine learning (ML) and data mining (DM) methods for cyber analytics in support of intrusion detection. Short tutorial descriptions of each ML/DM method are provided. Based on the number of citations or the relevance of an emerging method, papers representing each method were identified, read, and summarized. Because data are so important in ML/DM approaches, some well-known cyber data sets used in ML/DM are described. The complexity of ML/DM algorithms is addressed, discussion of challenges for using ML/DM for cyber security is presented, and some recommendations on when to use a given method are provided.

1,704 citations

Journal ArticleDOI
TL;DR: This paper provides a comprehensive survey of anomaly detection systems and hybrid intrusion detection systems of the recent past and present and discusses recent technological trends in anomaly detection and identifies open problems and challenges in this area.

1,433 citations

Journal ArticleDOI
TL;DR: Through the extensive survey and sophisticated organization, this work proposes the taxonomy to outline modern IDSs and tries to give a more elaborate image for a comprehensive review.

1,102 citations