Journal ArticleDOI
Anomaly-based network intrusion detection: Techniques, systems and challenges
TLDR
The main challenges to be dealt with for the wide-scale deployment of anomaly-based intrusion detectors, with special emphasis on assessment issues, are outlined.
About: This article is published in Computers & Security. The article was published on 2009-02-01. It has received 1712 citations till now. The article focuses on the topics: Anomaly-based intrusion detection system & Intrusion detection system.
Citations
Journal ArticleDOI
A GA-LR wrapper approach for feature selection in network intrusion detection☆
TL;DR: A wrapper approach based on a genetic algorithm as a search strategy and logistic regression as a learning algorithm for network intrusion detection systems to select the best subset of features to increase the accuracy and the classification performance of the IDS.
Patent
Context aware network security monitoring for threat detection
TL;DR: In this article, the authors present a method to determine when there is a difference between the behavior profile for at least one user and the baseline behavior profile for the user(s).
Data preprocessing for anomaly based network intrusion detection: A review
Jonathan J. Davis, Andrew Clark +1 more
TL;DR: The review finds that many NIDS limit their view of network traffic to the TCP/IP packet headers, and shows a trend toward deeper packet inspection to construct more relevant features through targeted content parsing.
Journal ArticleDOI
Data preprocessing for anomaly based network intrusion detection: A review
Jonathan J. Davis, Andrew Clark +1 more
TL;DR: In this paper, a review of data preprocessing techniques used by anomaly-based network intrusion detection systems (NIDS), concentrating on which aspects of the network traffic are analyzed, and what feature construction and selection methods have been used.
Proceedings ArticleDOI
DÏoT: A Federated Self-learning Anomaly Detection System for IoT
Thien Duc Nguyen, Samuel Marchal, Markus Miettinen, Hossein Fereidooni, Nadarajah Asokan, Ahmad-Reza Sadeghi +5 more
Abstract: IoT devices are increasingly deployed in daily life. Many of these devices are, however, vulnerable due to insecure design, implementation, and configuration. As a result, many networks already have vulnerable IoT devices that are easy to compromise. This has led to a new category of malware specifically targeting IoT devices. However, existing intrusion detection techniques are not effective in detecting compromised IoT devices given the massive scale of the problem in terms of the number of different types of devices and manufacturers involved. In this paper, we present DIoT, an autonomous self-learning distributed system for detecting compromised IoT devices. DIoT builds effectively on device-type-specific communication profiles, learned without human intervention or labeled data, that are subsequently used to detect anomalous deviations in devices' communication behavior, potentially caused by malicious adversaries. DIoT utilizes a federated learning approach for aggregating behavior profiles efficiently. To the best of our knowledge, it is the first system to employ a federated learning approach to anomaly-detection-based intrusion detection. Consequently, DIoT can cope with emerging new and unknown attacks. We systematically and extensively evaluated more than 30 off-the-shelf IoT devices over a long term and show that DIoT is highly effective (95.6% detection rate) and fast (257 ms) at detecting devices compromised by, for instance, the infamous Mirai malware. DIoT reported no false alarms when evaluated in a real-world smart home deployment setting.
References
Journal ArticleDOI
LOF: identifying density-based local outliers
TL;DR: This paper contends that for many scenarios, it is more meaningful to assign to each object a degree of being an outlier, called the local outlier factor (LOF), and gives a detailed formal analysis showing that LOF enjoys many desirable properties.
Book ChapterDOI
Fast effective rule induction
TL;DR: This paper evaluates the recently-proposed rule learning algorithm IREP on a large and diverse collection of benchmark problems, and proposes a number of modifications resulting in an algorithm RIPPERk that is very competitive with C4.5 and C4.5rules with respect to error rates, but much more efficient on large samples.
Book
Outliers in Statistical Data
Vic Barnett, Toby Lewis +1 more
TL;DR: In this article, the authors present an updated version of the reference work on outliers, including new areas of study such as outliers in direction data as well as developments in fields such as discordancy tests for univariate and multivariate samples.
Journal ArticleDOI
An Intrusion-Detection Model
TL;DR: A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.