Anomaly Detection for Application Level Network Attacks Using Payload Keywords

2007 ◽  
Author(s):  
Like Zhang ◽  
Gregory B. White
Keyword(s):  
Anomaly Detection ◽  
Network Attacks

Evaluation of Contemporary Anomaly Detection Systems (ADSs)

2011 ◽  
pp. 90-112
Author(s):  
Ayesha Binte Ashfaq ◽  
Syed Ali Khayam
Keyword(s):  
Anomaly Detection ◽  
Paradigm Shift ◽  
Roc Curves ◽  
Network Attacks ◽  
Detection Systems ◽  
Detection Delay

Due to the rapidly evolving nature of network attacks, a considerable paradigm shift has taken place with focus now on Network-based Anomaly Detection Systems (NADSs) that can detect zero-day attacks. At this time, it is important to evaluate existing anomaly detectors to determine and learn from their strengths and weaknesses. Thus we aim to evaluate the performance of eight prominent network-based anomaly detectors under malicious portscan attacks. These NADSs are evaluated on three criteria: accuracy (ROC curves), scalability (with respect to varying normal and attack traffic rates, and deployment points) and detection delay. Based on our experiments, we identify promising guidelines to improve the accuracy and scalability of existing and future anomaly detectors. We show that the proposed guidelines provide considerable and consistent accuracy improvements for all evaluated NADSs.

scholarly journals UGRansome1819: A Novel Dataset for Anomaly Detection and Zero-Day Threats

Information ◽  
2021 ◽  
Vol 12 (10) ◽  
pp. 405
Author(s):  
Mike Nkongolo ◽  
Jacobus Philippus van Deventer ◽  
Sydney Mambwe Kasongo
Keyword(s):  
Anomaly Detection ◽  
Cross Validation ◽  
Real Life ◽  
False Alarms ◽  
Network Node ◽  
Random Forest Algorithm ◽  
Network Attacks ◽  
Advanced Persistent Threats ◽  
Life Threatening ◽  
Feature Pattern

This research attempts to introduce the production methodology of an anomaly detection dataset using ten desirable requirements. Subsequently, the article presents the produced dataset named UGRansome, created with up-to-date and modern network traffic (netflow), which represents cyclostationary patterns of normal and abnormal classes of threatening behaviours. It was discovered that the timestamp of various network attacks is inferior to one minute and this feature pattern was used to record the time taken by the threat to infiltrate a network node. The main asset of the proposed dataset is its implication in the detection of zero-day attacks and anomalies that have not been explored before and cannot be recognised by known threats signatures. For instance, the UDP Scan attack has been found to utilise the lowest netflow in the corpus, while the Razy utilises the highest one. In turn, the EDA2 and Globe malware are the most abnormal zero-day threats in the proposed dataset. These feature patterns are included in the corpus, but derived from two well-known datasets, namely, UGR’16 and ransomware that include real-life instances. The former incorporates cyclostationary patterns while the latter includes ransomware features. The UGRansome dataset was tested with cross-validation and compared to the KDD99 and NSL-KDD datasets to assess the performance of Ensemble Learning algorithms. False alarms have been minimized with a null empirical error during the experiment, which demonstrates that implementing the Random Forest algorithm applied to UGRansome can facilitate accurate results to enhance zero-day threats detection. Additionally, most zero-day threats such as Razy, Globe, EDA2, and TowerWeb are recognised as advanced persistent threats that are cyclostationary in nature and it is predicted that they will be using spamming and phishing for intrusion. Lastly, achieving the UGRansome balance was found to be NP-Hard due to real life-threatening classes that do not have a uniform distribution in terms of several instances.

scholarly journals A DOUBLE-SHRINK AUTOENCODER FOR NETWORK ANOMALY DETECTION

2020 ◽  
Vol 36 (2) ◽  
pp. 159-172
Author(s):  
Cong Thanh Bui ◽  
Loi Cao Van ◽  
Minh Hoang ◽  
Quang Uy Nguyen
Keyword(s):  
Machine Learning ◽  
Anomaly Detection ◽  
State Of The Art ◽  
The State ◽  
The Internet ◽  
Learning Methods ◽  
Network Attacks ◽  
Machine Learning Methods ◽  
Pull Out ◽  
Network Anomaly Detection

The rapid development of the Internet and the wide spread of its applications has affected many aspects of our life. However, this development also makes the cyberspace more vulnerable to various attacks. Thus, detecting and preventing these attacks are crucial for the next development of the Internet and its services. Recently, machine learning methods have been widely adopted in detecting network attacks. Among many machine learning methods, AutoEncoders (AEs) are known as the state-of-the-art techniques for network anomaly detection. Although, AEs have been successfully applied to detect many types of attacks, it is often unable to detect some difficult attacks that attempt to mimic the normal network traffic. In order to handle this issue, we propose a new model based on AutoEncoder called Double-Shrink AutoEncoder (DSAE). DSAE put more shrinkage on the normal data in the middle hidden layer. This helps to pull out some anomalies that are very similar to normal data. DSAE are evaluated on six well-known network attacks datasets. The experimental results show that our model performs competitively to the state-of-the-art model, and often out-performs this model on the attacks group that is difficult for the previous methods.

scholarly journals Risk Data Analysis Based Anomaly Detection of Ship Information System

Energies ◽  
2018 ◽  
Vol 11 (12) ◽  
pp. 3403 ◽  
Author(s):  
Bowen Xing ◽  
Yafeng Jiang ◽  
Yuqing Liu ◽  
Shouqi Cao
Keyword(s):  
Information System ◽  
Data Analysis ◽  
Intrusion Detection ◽  
Anomaly Detection ◽  
Detection Method ◽  
Control Task ◽  
Detection Mechanism ◽  
Network Attacks ◽  
Collaborative Control ◽  
Industrial State

Due to the vulnerability and high risk of the ship environment, the Ship Information System (SIS) should provide 24 hours of uninterrupted protection against network attacks. Therefore, the corresponding intrusion detection mechanism is proposed for this situation. Based on the collaborative control structure of SIS, this paper proposes an anomaly detection pattern based on risk data analysis. An intrusion detection method based on the critical state is proposed, and the corresponding analysis algorithm is given. In the Industrial State Modeling Language (ISML), risk data are determined by all relevant data, even in different subsystems. In order to verify the attack recognition effect of the intrusion detection mechanism, this paper takes the course/roll collaborative control task as an example to carry out simulation verification of the effectiveness of the intrusion detection mechanism.

Anomaly Detection in Sensor Data

2018 ◽  
Vol 18 (1) ◽  
pp. 20-32 ◽  
Author(s):  
Jong-Min Kim ◽  
Jaiwook Baik
Keyword(s):  
Anomaly Detection ◽  
Sensor Data

An Anomaly Detection Method with Exemplar Subsequence for Time Series Data

2016 ◽  
Vol 136 (3) ◽  
pp. 363-372
Author(s):  
Takaaki Nakamura ◽  
Makoto Imamura ◽  
Masashi Tatedoko ◽  
Norio Hirai
Keyword(s):  
Time Series ◽  
Anomaly Detection ◽  
Time Series Data ◽  
Detection Method ◽  
Series Data

Proposal of the Anomaly Detection Method of Live-alone by LOF using Multiple Sensors

2015 ◽  
Vol 135 (12) ◽  
pp. 749-755
Author(s):  
Taiyo Matsumura ◽  
Ippei Kamihira ◽  
Katsuma Ito ◽  
Takashi Ono
Keyword(s):  
Anomaly Detection ◽  
Detection Method ◽  
Multiple Sensors
Sign in / Sign up

Export Citation Format

Share Document