Continuous Features Discretization for Anomaly Intrusion Detectors Generation
[article]
2014
arXiv
pre-print
In this paper, an algorithm is proposed that uses a discretization method for the continuous features selected for intrusion detection, to create some homogeneity between values, which have different data types ...
Biological systems have been inspiring scientists and designs for new adaptive solutions, such as genetic algorithms. ...
For a Network-based IDS (NIDS), usually the network traffic is used to build a model and detect anomalous network activities. ...
arXiv:1403.1729v1
fatcat:r7pujw2uiffn3g3lh65jb32lmq
Behavior-Profile Clustering for False Alert Reduction in Anomaly Detection Sensors
2008
2008 Annual Computer Security Applications Conference (ACSAC)
Anomaly Detection (AD) sensors compute behavior profiles to recognize malicious or anomalous activities. ...
The behavior of a host raises an alert only when a group of host profiles with similar behavior (cluster of behavior profiles) detect the anomaly, rather than just relying on the host's own behavior profile ...
We would like to thank Stefano Pacifico for his work on the CRAWDAD dataset. ...
doi:10.1109/acsac.2008.30
dblp:conf/acsac/Frias-MartinezSK08
fatcat:576urd2ngzavpjj7xqs4otdzwy
Collaborative Cloud IDS in Detecting Denial of Service by Dendritic Cell Mechanism
2019
International Journal of Electrical and Electronic Engineering & Telecommunications
This paper aims to provide Denial of Service (DoS) detection for Cloud computing environment. As a result, we provide an experiment to examine the capability of the proposed system. ...
We conclude the paper with a discussion on the results, then we include together with a graphical summary of the experiment's result. Index Terms: cloud computing, information security, artificial immune ...
In the last step, the potential anomalous antigen is determined based on the collected context as decided based on the antigens with greater mature value are classified as anomalous group while the opposite ...
doi:10.18178/ijeetc.8.4.188-193
fatcat:ag24zpa73rcpjm4ik5a4j4x2iy
Spark-Based Anomaly Detection: the Case of Port and Net Scan
[article]
2019
arXiv
pre-print
We use a simple threshold-based algorithm, working at flow-level and adapt it for the execution on Apache Spark. ...
The analysis shows that i) our traditional threshold-based algorithm is already able to achieve detection performance higher than MAWILab (in 95% of the considered cases with the best threshold value), ...
One of the most popular methods for detecting scanning activity is based on fan-in fan-out ratio of the hosts: i.e. counting the number of incoming and outgoing flows and comparing their ratio with a threshold ...
arXiv:1806.11047v5
fatcat:4n337wkhljfjndujlvg3qd52jy
An Evolution Strategy Approach toward Rule-set Generation for Network Intrusion Detection Systems (IDS)
[article]
2012
arXiv
pre-print
Although most of the research works have been based on the use of genetic algorithms in IDS, this paper presents an approach toward the generation of rules for the identification of anomalous connections ...
that can be used for detecting intrusions in intrusion detection systems. ...
Two categories of IDS exist: Host-based IDS and Network-based IDS. ...
arXiv:1212.0170v1
fatcat:h6jft477y5g43kpazqi5jxk6ru
An Improved Dendritic Cells Algorithm for Detecting P2P Bots
2016
International Journal of Grid and Distributed Computing
To enhance the detection rate, a new model to detect P2P bots on an individual host is proposed by improving the dendritic cells algorithm (IDCA). ...
The test experimental results show that the proposed method is effective to detect P2P-controlled bots on the host with low false positives. ...
Experimental Environment for Peacomm Detection (2) Active (S2): In this session, the Peacomm bot is executed and runs on a monitored host. ...
doi:10.14257/ijgdc.2016.9.1.12
fatcat:qxoq54rxavhitmbtfwwyeyvhsq
Machine Learning Applications in Misuse and Anomaly Detection
[chapter]
2020
Ethics, Laws, and Policies for Privacy, Security, and Liability [Working Title]
Some future directions of research in the design of algorithms for intrusion detection are also identified. ...
In the anomaly detection approach, on the other hand, anomalous states in a system are identified based on a significant difference in the state transitions of the system from its normal states. ...
Eskin proposed a mixture probability model on normal and anomalous data based on expectation maximization (EM) algorithms [35]. ...
doi:10.5772/intechopen.92653
fatcat:xxiwpddq3vgdljuyqgpmqzz3qm
An Implementation of Intrusion Detection System Using Genetic Algorithm
2012
International journal of network security and its applications
Parameters and evolution processes for GA are discussed in details and implemented. ...
In this progression, here we present an Intrusion Detection System (IDS), by applying genetic algorithm (GA) to efficiently detect various types of network intrusions. ...
[17] used GA to detect anomalous network behaviours based on information theory [19] [20]. ...
doi:10.5121/ijnsa.2012.4208
fatcat:j2gzbjnw7bgxfo2qxyhqfph6hq
Artificial Intelligence Techniques for Network Intrusion Detection
2015
International Journal of Engineering Research and
These techniques were used to classify malicious activity and normal activity and base rules such that necessary actions can be committed to alert and prevent intrusion. ...
This paper sheds light on techniques like ML, NEURAL NETWORK and Fuzzy Logic and how they can be coupled with INTRUSION DETECTION SYSTEM to detect attacks on private networks. ...
A Host based IDS is device specific and seeks to detect malicious activity or anomalous behavior on the specific device. ...
doi:10.17577/ijertv4is110283
fatcat:kbpxtylihjepxees4c2apmidhy
A survey of network anomaly visualization
2017
Science China Information Sciences
By providing an overview of network anomaly data, visualization tasks, and applications, we further elaborate on existing methods to depict various data features of network alerts, anomalous traffic, and ...
Directions for future studies are outlined at the end of this paper. ...
Locate active hosts and discovering subnet structures, together with long time observation that provides the possibility of detecting abnormal host activities, is quite convenient for analysts because ...
doi:10.1007/s11432-016-0428-2
fatcat:ss7es6m4czbtpov5la7ta46m4y
Malware traffic detection using tamper resistant features
2015
MILCOM 2015 - 2015 IEEE Military Communications Conference
In contrast to previous work, we eliminate features at risk of producing overly optimistic detection results, detect previously unobserved anomalous behavior, and rely only on tamper resistant features ...
making it difficult for sophisticated malware to avoid detection. ...
Our approach does not seek to detect all traffic activity of C2 channels (e.g., [14]), a group of compromised hosts that generate similar traffic patterns (e.g., [15]), or detect them during the ...
doi:10.1109/milcom.2015.7357464
dblp:conf/milcom/CelikWMS15
fatcat:ebj3zvxz6rbrfe6svdkhsxin5i
A SURVEY ON ATTACKS AND APPROACHES OF INTRUSION DETECTION SYSTEMS
2017
International Journal of Advanced Research in Computer Science
Host based Intrusion Detection (HID) analyses the user activities and decides that the user is authorized or not. ...
For protecting that information Intrusion Detection System (IDS) is placed in the system. ...
Host based Intrusion Detection System (HIDS) It refers to intrusion that take place on a single host system. ...
doi:10.26483/ijarcs.v8i8.4771
fatcat:5opj6ja7ofe3pnl25sht3o5zbu
Toward Network Worm Victims Identification Based on Cascading Motif Discovery
2019
Electronics
If a cascading motif exists in a connected behavior graph of one host, the host would be identified as a suspicious worm victim; the excess amount of suspicious network worm victims is used to reveal the ...
However, the performance of traditional packet-oriented signature-based methods is questionable in the face of unknown worms, while anomaly-based approaches often exhibit high false positive rates. ...
Conclusions and Future Work The ability of an approach to detect and identify anomalous events that are active on a computer network is critical for network management and security. ...
doi:10.3390/electronics8020183
fatcat:5lc4gn4j3zht5bpqnu6vghzb6a
A Network Access Control Mechanism Based on Behavior Profiles
2009
2009 Annual Computer Security Applications Conference
Specifically, we achieve true rejection rates of 95% for anomalous user profiles separated by one standard deviation from the normal user network behavior. ...
The BB-NAC mechanism was the first to introduce a novel Behavior-Based Network Access Control architecture based on behavior profiles and not rules, where behavior-based access control policies were automatically ...
THE MORE ANOMALOUS THE PROFILES ARE, THE EASIER IT IS FOR THE CLUSTER DISTRIBUTION TO DETECT THEM. ...
doi:10.1109/acsac.2009.10
dblp:conf/acsac/Frias-MartinezSSK09
fatcat:4dxwtodskbaq3cub4omnaivbyy
Dendritic Cell Algorithm with Optimised Parameters Using Genetic Algorithm
2018
2018 IEEE Congress on Evolutionary Computation (CEC)
Inspired by the biological immune system, Dendritic Cell Algorithm (DCA) is a classification algorithm developed for the purpose of anomaly detection based on the danger theory and the functioning of human ...
Intrusion detection systems are developed with the abilities to discriminate between normal and anomalous traffic behaviours. ...
In contrast, Host-Based IDS are installed on a host to monitor traffics that are originating and coming to that particular hosts for suspicious activity [6]. ...
doi:10.1109/cec.2018.8477932
dblp:conf/cec/ElisaYN18
fatcat:4jhtauh7oncqxnnntkawy3pukm