AUTHOR

Rayane El Sibai

0000-0003-2359-6874

Anomaly‐based intrusion detection systems: The requirements, methods, measurements, and datasets

With the Internet's unprecedented growth and nations' reliance on computer networks, new cyber‐attacks are created every day as means for achieving financial gain, imposing political agendas, and developing cyberwarfare arsenals. Network security is thus acquiring increasing attention among researchers, practitioners, network architects, policy makers, and others. To defend organizations' networks from existing, foreseen, and future threats, intrusion detection systems (IDSs) are becoming a must. Existing surveys on anomaly‐based IDS (AIDS) focus on specific components such as detection mechanisms and lack many others. In contrast to existing surveys, this article co…

research product

A critical review on the implementation of static data sampling techniques to detect network attacks

Given that the Internet traffic speed and volume are growing at a rapid pace, monitoring the network in a real-time manner has introduced several issues in terms of computing and storage capabilities. Fast processing of traffic data and early warnings on the detected attacks are required while maintaining a single pass over the traffic measurements. To palliate these problems, one can reduce the amount of traffic to be processed by using a sampling technique and detect the attacks based on the sampled traffic. Different parameters have an impact on the efficiency of this process, mainly, the applied sampling policy and sampling ratio. In this paper, we investigate th…

research product

Efficient anomaly detection on sampled data streams with contaminated phase I data

Control chart algorithms aim to monitor a process over time. This process consists of two phases. Phase I, also called the learning phase, estimates the normal process parameters, then in Phase II, anomalies are detected. However, the learning phase itself can contain contaminated data such as outliers. If left undetected, they can jeopardize the accuracy of the whole chart by affecting the computed parameters, which leads to faulty classifications and defective data analysis results. This problem becomes more severe when the analysis is done on a sample of the data rather than the whole data. To avoid such a situation, Phase I quality must be guaranteed. The purpose…

research product

Toward fast and accurate emergency cases detection in BSNs

In body sensor networks (BSNs), medical sensors capture physiological data from the human body and send them to the coordinator, which acts as a gateway to health care. The main aim of BSNs is to save people's lives. Therefore, fast and correct detection of emergencies while maintaining low-energy consumption of sensors is an essential requirement of BSNs. In this study, the authors propose a new adaptive data sampling approach, where the sampling ratio is adapted based on the sensed data variation. The idea is to use the modified version of the cumulative sum (CUSUM) algorithm (modified CUSUM) that they previously proposed for wireless sensor networks to monitor the data v…

research product