Continuous Features Discretization for Anomaly Intrusion Detectors Generation [article]

Amira Sayed A.Aziz, Ahmad Taher Azar, Aboul Ella Hassanien, Sanaa Al-Ola Hanafy
2014 arXiv   pre-print
In this paper, an algorithm is proposed that uses a discretization method for the continuous features selected for the intrusion detection, to create some homogeneity between values, which have different data types  ...  Biological systems have been inspiring scientists and designs for new adaptive solutions, such as genetic algorithms.  ...  For a Network-based IDS (NIDS), usually the network traffic is used to build a model and detect anomalous network activities.  ... 
arXiv:1403.1729v1 fatcat:r7pujw2uiffn3g3lh65jb32lmq

Behavior-Profile Clustering for False Alert Reduction in Anomaly Detection Sensors

Vanessa Frias-Martinez, Salvatore J. Stolfo, Angelos D. Keromytis
2008 2008 Annual Computer Security Applications Conference (ACSAC)  
Anomaly Detection (AD) sensors compute behavior profiles to recognize malicious or anomalous activities.  ...  The behavior of a host raises an alert only when a group of host profiles with similar behavior (cluster of behavior profiles) detect the anomaly, rather than just relying on the host's own behavior profile  ...  We would like to thank Stefano Pacifico for his work on the CRAWDAD dataset.  ... 
doi:10.1109/acsac.2008.30 dblp:conf/acsac/Frias-MartinezSK08 fatcat:576urd2ngzavpjj7xqs4otdzwy

Collaborative Cloud IDS in Detecting Denial of Service by Dendritic Cell Mechanism

Azuan Ahmad, Faculty of Science and Technology, Universiti Sains Islam Malaysia, Malaysia, Mohd Nazri Kama, Azri Azmi, Norbik Bashah Idris
2019 International Journal of Electrical and Electronic Engineering & Telecommunications  
This paper aims to provide Denial of Service (DoS) detection for Cloud computing environment. As a result, we provide an experiment to examine the capability of the proposed system.  ...  We conclude the paper with a discussion on the results, then we include together with a graphical summary of the experiment's result.  Index Terms-cloud computing, information security, artificial immune  ...  In the last step, the potential anomalous antigen is determined based on the collected context as decided based on the antigens with greater mature value are classified as anomalous group while the opposite  ... 
doi:10.18178/ijeetc.8.4.188-193 fatcat:ag24zpa73rcpjm4ik5a4j4x2iy

Spark-Based Anomaly Detection: the Case of Port and Net Scan [article]

Antonia Affinito, Alessio Botta, Luigi Gallo, Mauro Garofalo, Giorgio Ventre
2019 arXiv   pre-print
We use a simple threshold-based algorithm, working at flow-level and adapt it for the execution on Apache Spark.  ...  The analysis shows that i) our traditional threshold-based algorithm is already able to achieve detection performance higher than MAWILab (in 95% of the considered cases with the best threshold value),  ...  One of the most popular methods for detecting scanning activity is based on fan-in fan-out ratio of the hosts: i.e. counting the number of incoming and outgoing flows and comparing their ratio with a threshold  ... 
arXiv:1806.11047v5 fatcat:4n337wkhljfjndujlvg3qd52jy

An Evolution Strategy Approach toward Rule-set Generation for Network Intrusion Detection Systems (IDS) [article]

Herve Kabamba Mbikayi
2012 arXiv   pre-print
Although most of the research works have been based on the use of genetic algorithms in IDS, this paper presents an approach toward the generation of rules for the identification of anomalous connections  ...  that can be used for detecting intrusions in intrusion detection systems.  ...  Two categories of IDS exist: Host-based IDS and Network-based IDS.  ... 
arXiv:1212.0170v1 fatcat:h6jft477y5g43kpazqi5jxk6ru

An Improved Dendritic Cells Algorithm for Detecting P2P Bots

Shoubao Su, Yu Su, Mingjuan Xu, Xianjin Fang
2016 International Journal of Grid and Distributed Computing  
To enhance the detection rate, a new model to detect P2P bots on an individual host is proposed by improving the dendritic cells algorithm (IDCA).  ...  The test experimental results show that the proposed method is effective to detect P2P-controlled bots on the host with low false positives.  ...  Experimental Environment for Peacomm Detection (2) Active (S2): In this session, the Peacomm bot is executed and runs on a monitored host.  ... 
doi:10.14257/ijgdc.2016.9.1.12 fatcat:qxoq54rxavhitmbtfwwyeyvhsq

Machine Learning Applications in Misuse and Anomaly Detection [chapter]

Jaydip Sen, Sidra Mehtab
2020 Ethics, Laws, and Policies for Privacy, Security, and Liability [Working Title]  
Some future directions of research in the design of algorithms for intrusion detection are also identified.  ...  In the anomaly detection approach, on the other hand, anomalous states in a system are identified based on a significant difference in the state transitions of the system from its normal states.  ...  Eskin proposed a mixture probability model on normal and anomalous data based on expectation maximization (EM) algorithms [35].  ... 
doi:10.5772/intechopen.92653 fatcat:xxiwpddq3vgdljuyqgpmqzz3qm

An Implementation of Intrusion Detection System Using Genetic Algorithm

Mohammad Sazzadul Hoque
2012 International journal of network security and its applications  
Parameters and evolution processes for GA are discussed in details and implemented.  ...  In this progression, here we present an Intrusion Detection System (IDS), by applying genetic algorithm (GA) to efficiently detect various types of network intrusions.  ...  [17] used GA to detect anomalous network behaviours based on information theory [19] [20] .  ... 
doi:10.5121/ijnsa.2012.4208 fatcat:j2gzbjnw7bgxfo2qxyhqfph6hq

Artificial Intelligence Techniques for Network Intrusion Detection

Karan Napanda, Harsh Shah, Lakhsmi Kurup
2015 International Journal of Engineering Research and  
These techniques were used to classify malicious activity and normal activity and base rules such that necessary actions can be committed to alert and prevent intrusion.  ...  This paper sheds light on techniques like ML, NEURAL NETWORK and Fuzzy Logic and how they can be coupled with INTRUSION DETECTION SYSTEM to detect attacks on private networks.  ...  A Host based IDS is device specific and seeks to detect malicious activity or anomalous behavior on the specific device.  ... 
doi:10.17577/ijertv4is110283 fatcat:kbpxtylihjepxees4c2apmidhy

A survey of network anomaly visualization

Tianye Zhang, Xumeng Wang, Zongzhuang Li, Fangzhou Guo, Yuxin Ma, Wei Chen
2017 Science China Information Sciences  
By providing an overview of network anomaly data, visualization tasks, and applications, we further elaborate on existing methods to depict various data features of network alerts, anomalous traffic, and  ...  Directions for future studies are outlined at the end of this paper.  ...  Locate active hosts and discovering subnet structures, together with long time observation that provides the possibility of detecting abnormal host activities, is quite convenient for analysts because  ... 
doi:10.1007/s11432-016-0428-2 fatcat:ss7es6m4czbtpov5la7ta46m4y

Malware traffic detection using tamper resistant features

Z. Berkay Celik, Robert J. Walls, Patrick McDaniel, Ananthram Swami
2015 MILCOM 2015 - 2015 IEEE Military Communications Conference  
In contrast to previous work, we eliminate features at risk of producing overly optimistic detection results, detect previously unobserved anomalous behavior, and rely only on tamper resistant features  ...  making it difficult for sophisticated malware to avoid detection.  ...  Our approach does not seek to detect all traffic activity of C2 channels (e.g., [14]), a group of compromised hosts that generate similar traffic patterns (e.g., [15]), or detect them during the  ... 
doi:10.1109/milcom.2015.7357464 dblp:conf/milcom/CelikWMS15 fatcat:ebj3zvxz6rbrfe6svdkhsxin5i


Gaurav Agrawal
2017 International Journal of Advanced Research in Computer Science  
Host based Intrusion Detection (HID) analyses the user activities and decides that the user is authorized or not.  ...  For protecting that information Intrusion Detection System (IDS) is placed in the system.  ...  Host based Intrusion Detection System (HIDS) It refers to intrusion that take place on a single host system.  ... 
doi:10.26483/ijarcs.v8i8.4771 fatcat:5opj6ja7ofe3pnl25sht3o5zbu

Toward Network Worm Victims Identification Based on Cascading Motif Discovery

Hangyu Hu, Mingda Wang, Mingyu Ouyang, Guangmin Hu
2019 Electronics  
If a cascading motif exists in a connected behavior graph of one host, the host would be identified as a suspicious worm victim; the excess amount of suspicious network worm victims is used to reveal the  ...  However, the performance of traditional packet-oriented signature-based methods is questionable in the face of unknown worms, while anomaly-based approaches often exhibit high false positive rates.  ...  Conclusions and Future Work The ability of an approach to detect and identify anomalous events that are active on a computer network is critical for network management and security.  ... 
doi:10.3390/electronics8020183 fatcat:5lc4gn4j3zht5bpqnu6vghzb6a

A Network Access Control Mechanism Based on Behavior Profiles

Vanessa Frias-Martinez, Joseph Sherrick, Salvatore J. Stolfo, Angelos D. Keromytis
2009 2009 Annual Computer Security Applications Conference  
Specifically, we achieve true rejection rates of 95% for anomalous user profiles separated by one standard deviation from the normal user network behavior.  ...  The BB-NAC mechanism was the first to introduce a novel Behavior-Based Network Access Control architecture based on behavior profiles and not rules, where behavior-based access control policies were automatically  ...  THE MORE ANOMALOUS THE PROFILES ARE, THE EASIER IT IS FOR THE CLUSTER DISTRIBUTION TO DETECT THEM.  ... 
doi:10.1109/acsac.2009.10 dblp:conf/acsac/Frias-MartinezSSK09 fatcat:4dxwtodskbaq3cub4omnaivbyy

Dendritic Cell Algorithm with Optimised Parameters Using Genetic Algorithm

Noe Elisa, Longzhi Yang, Nitin Naik
2018 2018 IEEE Congress on Evolutionary Computation (CEC)  
Inspired by the biological immune system, Dendritic Cell Algorithm (DCA) is a classification algorithm developed for the purpose of anomaly detection based on the danger theory and the functioning of human  ...  Intrusion detection systems are developed with the abilities to discriminate between normal and anomalous traffic behaviours.  ...  In contrast, Host-Based IDS are installed on a host to monitor traffics that are originating and coming to that particular hosts for suspicious activity [6] .  ... 
doi:10.1109/cec.2018.8477932 dblp:conf/cec/ElisaYN18 fatcat:4jhtauh7oncqxnnntkawy3pukm