scholarly journals Constructing APT Attack Scenarios Based on Intrusion Kill Chain and Fuzzy Clustering

2017 ◽  
Vol 2017 ◽  
pp. 1-9 ◽  
Author(s):  
Ru Zhang ◽  
Yanyu Huo ◽  
Jianyi Liu ◽  
Fangyu Weng
Keyword(s):  
Intrusion Detection ◽  
Transfer Matrix ◽  
Fuzzy Clustering ◽  
Attack Detection ◽  
New Method ◽  
Intrusion Detection Systems ◽  
The Internet ◽  
Actual Situation ◽  
Detection Systems ◽  
Attack Models

The APT attack on the Internet is becoming more serious, and most of intrusion detection systems can only generate alarms to some steps of APT attack and cannot identify the pattern of the APT attack. To detect APT attack, many researchers established attack models and then correlated IDS logs with the attack models. However, the accuracy of detection deeply relied on the integrity of models. In this paper, we propose a new method to construct APT attack scenarios by mining IDS security logs. These APT attack scenarios can be further used for the APT detection. First, we classify all the attack events by purpose of phase of the intrusion kill chain. Then we add the attack event dimension to fuzzy clustering, correlate IDS alarm logs with fuzzy clustering, and generate the attack sequence set. Next, we delete the bug attack sequences to clean the set. Finally, we use the nonaftereffect property of probability transfer matrix to construct attack scenarios by mining the attack sequence set. Experiments show that the proposed method can construct the APT attack scenarios by mining IDS alarm logs, and the constructed scenarios match the actual situation so that they can be used for APT attack detection.

scholarly journals Presenting a New Method to Classify Alerts Received from Intrusion Detection Systems

2016 ◽  
Vol 10 (9) ◽  
pp. 191
Author(s):  
Farshid Pourabbas ◽  
Adem Karahoca
Keyword(s):  
Intrusion Detection ◽  
Data Exchange ◽  
Important Task ◽  
New Method ◽  
Intrusion Detection Systems ◽  
The Internet ◽  
Detection Systems ◽  
Correlation Methods ◽  
Internet Networks ◽  
Day By Day

With the growth of the internet networks today, security of data exchange is considered as an important task. Therefore, the use of security tools is increasing day by day. Intrusion detection systems are among these tools. They are only able to labela message received from a network as‘alert’,but they are unable to describe system status. Some methods have been developed to solve the above problem through correlating the alerts received from intrusion detection systems. By correlating the interrelated alerts, the methods would be able to describe system status. One of the steps of correlation methods of alerts is to classify them. System status can be described better when classification is performed efficiently. Here, we present a method for classifying alerts.

scholarly journals Multivariable Heuristic Approach to Intrusion Detection in Network Environments

Entropy ◽  
2021 ◽  
Vol 23 (6) ◽  
pp. 776
Author(s):  
Marcin Niemiec ◽  
Rafał Kościej ◽  
Bartłomiej Gdowski
Keyword(s):  
Intrusion Detection ◽  
Heuristic Algorithm ◽  
Detection Algorithm ◽  
Intrusion Detection Systems ◽  
The Internet ◽  
Detection Thresholds ◽  
Detection Systems ◽  
Different Types ◽  
Ongoing Development ◽  
Network Environments

The Internet is an inseparable part of our contemporary lives. This means that protection against threats and attacks is crucial for major companies and for individual users. There is a demand for the ongoing development of methods for ensuring security in cyberspace. A crucial cybersecurity solution is intrusion detection systems, which detect attacks in network environments and responds appropriately. This article presents a new multivariable heuristic intrusion detection algorithm based on different types of flags and values of entropy. The data is shared by organisations to help increase the effectiveness of intrusion detection. The authors also propose default values for parameters of a heuristic algorithm and values regarding detection thresholds. This solution has been implemented in a well-known, open-source system and verified with a series of tests. Additionally, the authors investigated how updating the variables affects the intrusion detection process. The results confirmed the effectiveness of the proposed approach and heuristic algorithm.

scholarly journals Network Attacks Detection by Hierarchical Neural Network

2015 ◽  
Vol 4 (2) ◽  
pp. 119-132
Author(s):  
Mohammad Masoud Javidi
Keyword(s):  
Neural Network ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Single Agent ◽  
Attack Detection ◽  
Intrusion Detection Systems ◽  
Training Dataset ◽  
Detection Systems ◽  
Combination Of Classifiers

Intrusion detection is an emerging area of research in the computer security and net-works with the growing usage of internet in everyday life. Most intrusion detection systems (IDSs) mostly use a single classifier algorithm to classify the network traffic data as normal behavior or anomalous. However, these single classifier systems fail to provide the best possible attack detection rate with low false alarm rate. In this paper,we propose to use a hybrid intelligent approach using a combination of classifiers in order to make the decision intelligently, so that the overall performance of the resul-tant model is enhanced. The general procedure in this is to follow the supervised or un-supervised data filtering with classifier or cluster first on the whole training dataset and then the output are applied to another classifier to classify the data. In this re- search, we applied Neural Network with Supervised and Unsupervised Learning in order to implement the intrusion detection system. Moreover, in this project, we used the method of Parallelization with real time application of the system processors to detect the systems intrusions.Using this method enhanced the speed of the intrusion detection. In order to train and test the neural network, NSLKDD database was used. Creating some different intrusion detection systems, each of which considered as a single agent, we precisely proceeded with the signature-based intrusion detection of the network.In the proposed design, the attacks have been classified into 4 groups and each group is detected by an Agent equipped with intrusion detection system (IDS).These agents act independently and report the intrusion or non-intrusion in the system; the results achieved by the agents will be studied in the Final Analyst and at last the analyst reports that whether there has been an intrusion in the system or not.Keywords: Intrusion Detection, Multi-layer Perceptron, False Positives, Signature- based intrusion detection, Decision tree, Nave Bayes Classifier

scholarly journals Black Hole attack Detection using Fuzzy based Intrusion Detection Systems in MANET

2019 ◽  
Vol 151 ◽  
pp. 1176-1181 ◽  
Author(s):  
Houda Moudni ◽  
Mohamed Er-rouidi ◽  
Hicham Mouncif ◽  
Benachir El Hadadi
Keyword(s):  
Black Hole ◽  
Intrusion Detection ◽  
Attack Detection ◽  
Intrusion Detection Systems ◽  
Black Hole Attack ◽  
Detection Systems

scholarly journals Intelligent Cyber Attack Detection and Classification for Network-Based Intrusion Detection Systems

2021 ◽  
Vol 11 (4) ◽  
pp. 1674
Author(s):  
Nuno Oliveira ◽  
Isabel Praça ◽  
Eva Maia ◽  
Orlando Sousa
Keyword(s):  
Intrusion Detection ◽  
Anomaly Detection ◽  
Information And Communication Technologies ◽  
Network Traffic ◽  
Short Term Memory ◽  
Attack Detection ◽  
Intrusion Detection Systems ◽  
Machine Learning Techniques ◽  
Cyber Attack ◽  
Detection Systems

With the latest advances in information and communication technologies, greater amounts of sensitive user and corporate information are shared continuously across the network, making it susceptible to an attack that can compromise data confidentiality, integrity, and availability. Intrusion Detection Systems (IDS) are important security mechanisms that can perform the timely detection of malicious events through the inspection of network traffic or host-based logs. Many machine learning techniques have proven to be successful at conducting anomaly detection throughout the years, but only a few considered the sequential nature of data. This work proposes a sequential approach and evaluates the performance of a Random Forest (RF), a Multi-Layer Perceptron (MLP), and a Long-Short Term Memory (LSTM) on the CIDDS-001 dataset. The resulting performance measures of this particular approach are compared with the ones obtained from a more traditional one, which only considers individual flow information, in order to determine which methodology best suits the concerned scenario. The experimental outcomes suggest that anomaly detection can be better addressed from a sequential perspective. The LSTM is a highly reliable model for acquiring sequential patterns in network traffic data, achieving an accuracy of 99.94% and an f1-score of 91.66%.

scholarly journals An Ensemble of a Prediction and Learning Mechanism for Improving Accuracy of Anomaly Detection in Network Intrusion Environments

2021 ◽  
Vol 13 (18) ◽  
pp. 10057
Author(s):  
Imran ◽  
Faisal Jamil ◽  
Dohyeun Kim
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Intrusion Detection Systems ◽  
The Internet ◽  
Detection Accuracy ◽  
Learning Mechanism ◽  
Detection Systems ◽  
Network Applications ◽  
Network Intrusion

The connectivity of our surrounding objects to the internet plays a tremendous role in our daily lives. Many network applications have been developed in every domain of life, including business, healthcare, smart homes, and smart cities, to name a few. As these network applications provide a wide range of services for large user groups, the network intruders are prone to developing intrusion skills for attack and malicious compliance. Therefore, safeguarding network applications and things connected to the internet has always been a point of interest for researchers. Many studies propose solutions for intrusion detection systems and intrusion prevention systems. Network communities have produced benchmark datasets available for researchers to improve the accuracy of intrusion detection systems. The scientific community has presented data mining and machine learning-based mechanisms to detect intrusion with high classification accuracy. This paper presents an intrusion detection system based on the ensemble of prediction and learning mechanisms to improve anomaly detection accuracy in a network intrusion environment. The learning mechanism is based on automated machine learning, and the prediction model is based on the Kalman filter. Performance analysis of the proposed intrusion detection system is evaluated using publicly available intrusion datasets UNSW-NB15 and CICIDS2017. The proposed model-based intrusion detection accuracy for the UNSW-NB15 dataset is 98.801 percent, and the CICIDS2017 dataset is 97.02 percent. The performance comparison results show that the proposed ensemble model-based intrusion detection significantly improves the intrusion detection accuracy.

Sign in / Sign up

Export Citation Format

Share Document