Search results for " intrusion detection"

showing 3 items of 13 documents

Honeypot Utilization for Network Intrusion Detection

2018

For research purposes, a honeypot is a system that enables observing attacker’s actions in different phases of a cyberattack. In this study, a honeypot called Kippo was used to identify attack behavior in Finland. The gathered data consisted of dictionary attack login attempts, attacker location, and actions after successful login. From the data, attacker behavior was analyzed. Differentiating bots from human actors, linking scanning activity to further attack steps, and identifying malware and tracking malware sites were all done. The knowledge gained could be used to enhance an organization’s cyber resiliency by identifying attacker motivations and the tools used. Automating analysis of h…

Software_OPERATINGSYSTEMSDictionary attackHoneypotComputer science020206 networking & telecommunications02 engineering and technology021001 nanoscience & nanotechnologycomputer.software_genreComputer securityLoginComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS0202 electrical engineering electronic engineering information engineeringMalwareNetwork intrusion detection0210 nano-technologycomputerSecurity system
researchProduct

Intruder Pattern Identification

2008

This paper considers the problem of intrusion detection in information systems as a classification problem. In particular the case of masquerader is treated. This kind of intrusion is one of the more difficult to discover because it may attack already open user sessions. Moreover, this problem is complex because of the large variability of user models and the lack of available data for the learning purpose. Here, flexible and robust similarity measures, suitable also for non-numeric data, are defined, they will be incorporated on a one-class training K N N and compared with several classification methods proposed in the literature using the Masquerading User Data set (www.schonlau.net) repr…

UnixSimilarity (geometry)Settore INF/01 - Informaticabusiness.industryComputer scienceIntrusion detection systemSimilarity measurecomputer.software_genreMachine learningPattern identificationData setIntrusionOne class calssifier Masquerader detection Intrusion detection systemsInformation systemData miningArtificial intelligencebusinesscomputer
researchProduct

An Efficient Network Log Anomaly Detection System Using Random Projection Dimensionality Reduction

2014

Network traffic is increasing all the time and network services are becoming more complex and vulnerable. To protect these networks, intrusion detection systems are used. Signature-based intrusion detection cannot find previously unknown attacks, which is why anomaly detection is needed. However, many new systems are slow and complicated. We propose a log anomaly detection framework which aims to facilitate quick anomaly detection and also provide visualizations of the network traffic structure. The system preprocesses network logs into a numerical data matrix, reduces the dimensionality of this matrix using random projection and uses Mahalanobis distance to find outliers and calculate an a…

ta113random projectionMahalanobis distanceComputer sciencebusiness.industryAnomaly-based intrusion detection systemintrusion detectionDimensionality reductionRandom projectionPattern recognitionIntrusion detection systemcomputer.software_genrekoneoppiminenAnomaly detectionData miningArtificial intelligencetiedonlouhintaAnomaly (physics)mahalanobis distancebusinesscomputerCurse of dimensionality2014 6th International Conference on New Technologies, Mobility and Security (NTMS)
researchProduct