Search results for "Intrusion Detection"

showing 10 items of 69 documents

A Behavior-Based Intrusion Detection System Using Ensemble Learning Techniques

2022

Intrusion Detection Systems (IDSs) play a key role in modern ICT security. Attacks detected and reported by IDSs are often analyzed by administrators who are tasked with countering the attack and minimizing its damage. Consequently, it is important that the alerts generated by the IDS are as detailed as possible. In this paper, we present a multi-layered behavior-based IDS using ensemble learning techniques for the classification of network attacks. Three widely adopted and appreciated models, i.e., Decision Trees, Random Forests, and Artificial Neural Networks, have been chosen to build the ensemble. To reduce the system response time, our solution is designed to immediately filter out tra…

Keywords: Settore ING-INF/05 - Sistemi Di Elaborazione Delle Informazioni; Intrusion Detection; Ensemble Learning; Behavior-Based IDS

Learning temporal patterns for anomaly intrusion detection

2002

For the last decade an explosive spread of computer systems and computer networks has resulted in a society that is increasingly dependent on information stored on these systems. A computer system connected to the network is accessible from any other computer in this network regardless of its geographical position. Along with providing many benefits for legitimate users, this technology creates almost unlimited opportunities for malicious persons who, using software vulnerabilities, may successfully penetrate the networked computer systems. In order to eliminate potentially devastating consequences caused by breaches in computer systems, more and more attention is drawn to the information secur…

Keywords: Software; Order (exchange); Network security; Computer science; Vulnerability; Pattern matching; Intrusion detection system; Information security; Computer security
Published in: Proceedings of the 2002 ACM symposium on Applied computing

Honeypot Utilization for Network Intrusion Detection

2018

For research purposes, a honeypot is a system that enables observing an attacker's actions in different phases of a cyberattack. In this study, a honeypot called Kippo was used to identify attack behavior in Finland. The gathered data consisted of dictionary attack login attempts, attacker location, and actions after successful login. From the data, attacker behavior was analyzed: bots were differentiated from human actors, scanning activity was linked to further attack steps, and malware was identified and malware sites were tracked. The knowledge gained could be used to enhance an organization's cyber resiliency by identifying attacker motivations and the tools used. Automating analysis of h…

Keywords: Dictionary attack; Honeypot; Computer science; Computer security; Login; Malware; Network intrusion detection; Security system

Data Mining Approach for Detection of DDoS Attacks Utilizing SSL/TLS Protocol

2015

Denial of Service attacks remain one of the most serious threats to the Internet nowadays. In this study, we propose an algorithm for detection of Denial of Service attacks that utilize the SSL/TLS protocol. These protocols encrypt the data of network connections on the application layer, which makes it impossible to detect attackers' activity based on the analysis of packet payload. For this reason, we concentrate on statistics that can be extracted from packet headers. Based on these statistics, we build a model of normal user behavior by using several data mining algorithms. Once the model has been built, it is used to detect DoS attacks. The proposed framework is tested on the data obtained w…

Keywords: Transport Layer Security; Network security; Network packet; Computer science; Denial-of-service attack; Intrusion detection system; Application layer; Anomaly detection; The Internet; Data mining; Computer network

Intruder Pattern Identification

2008

This paper considers the problem of intrusion detection in information systems as a classification problem. In particular, the case of the masquerader is treated. This kind of intrusion is one of the more difficult to discover because it may attack already open user sessions. Moreover, this problem is complex because of the large variability of user models and the lack of available data for the learning purpose. Here, flexible and robust similarity measures, suitable also for non-numeric data, are defined; they are incorporated into a one-class-trained KNN and compared with several classification methods proposed in the literature using the Masquerading User Data set (www.schonlau.net) repr…

Keywords: Unix; Similarity (geometry); Settore INF/01 - Informatica; Computer science; Intrusion detection system; Similarity measure; Machine learning; Pattern identification; Data set; Intrusion; One-class classifier; Masquerader detection; Intrusion detection systems; Information system; Data mining; Artificial intelligence

Privacy Violation Classification of Snort Ruleset

2010

Published version of a paper presented at the 2010 18th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP). (c) 2010 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works. Paper also available from the publisher: http://dx.doi.org/10.1109/PDP.2010.87

It is important to analyse the privacy impact of Intrusion Detection System (IDS) rules, in order to understand a…

Keywords: VDP::Mathematics and natural science: 400::Information and communication science: 420::Security and vulnerability: 424; Information privacy; Naive Bayes classifier; Computer science; Relational database; Privacy software; Data security; Confidentiality; Network monitoring; Intrusion detection system; Data mining

A roadmap towards improving managed security services from a privacy perspective

2014

Published version of an article in the journal Ethics and Information Technology. Also available from the publisher at: http://dx.doi.org/10.1007/s10676-014-9348-3

This paper proposes a roadmap for how privacy leakages from outsourced managed security services using intrusion detection systems can be controlled. The paper first analyses the risk of leaking private or confidential information from signature-based intrusion detection systems. It then discusses how the situation can be improved by developing adequate privacy enforcement methods and privacy leakage metrics in order to control and reduce the leakage of private and confidential information over time. Such metrics should allow fo…

Keywords: VDP::Mathematics and natural science: 400::Information and communication science: 420::Security and vulnerability: 424; Information privacy; Managed security services; Privacy by Design; Computer science; Digital forensics; Big data; Ethical awareness; Security; Intrusion detection system; Library and Information Sciences; Privacy; Computer security; Computer Science Applications; Outsourcing; Information sensitivity; Intrusion detection and prevention systems; Register of data controllers
Published in: Ethics and Information Technology

An accurate and efficient collaborative intrusion detection framework to secure vehicular networks

2015

Highlights: We design and implement an accurate and lightweight intrusion detection framework, called AECFV. AECFV aims to protect vehicular ad hoc networks (VANETs) against the most dangerous attacks that could occur on this network. AECFV takes into account the VANET's characteristics, such as high node mobility and rapid topology change. AECFV exhibits a high detection rate, low false positive rate, faster attack detection, and lower communication overhead.

The advancement of wireless communication leads researchers to develop and conceive the idea of vehicular networks, also known as vehicular ad hoc networks (VANETs). Security in such a network is mandatory due to the vital informa…

Keywords: Vehicular ad hoc networks; Engineering; Overhead (computing); General Computer Science; Wireless ad hoc network; Intrusion detection system; Node (networking); Detection rate; [SPI] Engineering Sciences [physics]; Control and Systems Engineering; Wireless; False positive rate; Electrical and Electronic Engineering; Detection time; Cluster analysis; Computer network; Vulnerability (computing)
Published in: Computers & Electrical Engineering

Anomaly Detection from Network Logs Using Diffusion Maps

2011

The goal of this study is to detect anomalous queries from network logs using a dimensionality reduction framework. The frequencies of 2-grams in queries are extracted into a feature matrix. Dimensionality reduction is done by applying diffusion maps. The method is adaptive and thus does not need training before analysis. We tested the method with data that includes normal and intrusive traffic to a web server. This approach finds all intrusions in the dataset.

Keywords: Web server; Computer science; Intrusion detection; Dimensionality reduction; Feature matrix; Diffusion map; Intrusion detection system; Anomaly detection; Machine learning; Data mining; n-grams

Data Stream Clustering for Application-Layer DDoS Detection in Encrypted Traffic

2018

Application-layer distributed denial-of-service attacks have become a serious threat to modern high-speed computer networks and systems. Unlike network-layer attacks, application-layer attacks can be performed using legitimate requests from legitimately connected network machines, which makes these attacks undetectable by signature-based intrusion detection systems. Moreover, the attacks may utilize protocols that encrypt the data of network connections in the application layer, making it even harder to detect an attacker's activity without decrypting users' network traffic and therefore violating their privacy. In this paper, we present a method that allows us to detect various application-l…

Keywords: Web server; Computer science; Network packet; Denial-of-service attack; Intrusion detection system; Encryption; Application layer; Data stream clustering; Virtual network; Computer network