Online Mining Intrusion Patterns from IDS Alerts

2020 ◽ Vol 10 (8) ◽ pp. 2983
Author(s): Kai Zhang, Shoushan Luo, Yang Xin, Hongliang Zhu, Yuling Chen

The intrusion detection system (IDS), which is widely used in enterprises, produces a large number of logs called alerts, from which intrusion patterns can be mined. These patterns can be used to reconstruct intrusion scenarios or discover the final objectives of the malicious actors, and even to assist the forensic investigation of network crimes. In this paper, a novel algorithm for intrusion pattern mining is proposed, which aims to solve the difficult problems of the intrusion action sequence such as the loss of important intrusion actions, the disorder of the action sequence and random noise actions. These common problems often occur in real production environments and cause serious performance decreases in the analysis system. The proposed algorithm is based on online analysis of the intrusion action sequences extracted from IDS alerts; by calculating the influence of a particular action on the subsequent actions, the real intrusion patterns are discovered. The experimental results show that the method is effective in discovering patterns from complex intrusion action sequences.

2014 ◽ Vol 644-650 ◽ pp. 3338-3341
Author(s): Guang Feng Guo

During the 30-year development of the Intrusion Detection System, problems such as the high false-positive rate have always plagued users. Therefore, the ontology and context verification based intrusion detection model (OCVIDM) was put forward to connect the description of attack signatures and context effectively. The OCVIDM established a knowledge base of the intrusion detection ontology that was regarded as the centre of an efficient filtering platform for false alerts, to realize automatic validation of alarms and self-acting judgment of real attacks, so as to achieve the goal of filtering non-relevant positive alerts and reducing false positives.


Sensors ◽ 2020 ◽ Vol 20 (18) ◽ pp. 5305
Author(s): Panagiotis Radoglou Grammatikis, Panagiotis Sarigiannidis, Georgios Efstathopoulos, Emmanouil Panaousis

The advent of the Smart Grid (SG) raises severe cybersecurity risks that can lead to devastating consequences. In this paper, we present a novel anomaly-based Intrusion Detection System (IDS), called ARIES (smArt gRid Intrusion dEtection System), which is capable of protecting SG communications efficiently. ARIES combines three detection layers that are devoted to recognising possible cyberattacks and anomalies against (a) network flows, (b) Modbus/Transmission Control Protocol (TCP) packets and (c) operational data. Each detection layer relies on a Machine Learning (ML) model trained using data originating from a power plant. In particular, the first layer (network flow-based detection) performs a supervised multiclass classification, recognising Denial of Service (DoS), brute force attacks, port scanning attacks and bots. The second layer (packet-based detection) detects possible anomalies related to Modbus packets, while the third layer (operational data based detection) monitors and identifies anomalies in operational data (i.e., time series electricity measurements). Focusing on the third layer, the ARIES Generative Adversarial Network (ARIES GAN) with novel error minimisation functions was developed, considering mainly the reconstruction difference. Moreover, a novel reformed conditional input was suggested, consisting of random noise and the signal features at any given time instance. Based on the evaluation analysis, the proposed GAN network outperforms conventional ML methods in terms of Accuracy and F1 score.


2017 ◽ Vol 2017 ◽ pp. 1-15
Author(s): Dhanalakshmi Krishnan Sadhasivan, Kannapiran Balasubramanian

Providing high security is one of the active research areas in network applications. The failure of the centralized system under attack provides less protection. Besides, the lack of updates on newly arriving attacks leads to minimum detection accuracy. The major focus of this paper is to improve detection performance through the adaptive update of attack information in the database. We propose an Adaptive Rule-Based Multiagent Intrusion Detection System (ARMA-IDS) to detect anomalies in real-time datasets such as KDD and SCADA. Besides, the feedback loop provides the necessary update of attacks in the database, which leads to an improvement in detection accuracy. The combination of rules and responsibilities for multiagents effectively detects anomalous behavior, misuse of response, or relay reports of gas/water pipeline data in KDD and SCADA, respectively. The comparative analysis of the proposed ARMA-IDS with various existing path mining methods, namely random forest, JRip, a combination of AdaBoost/JRip, and common path mining on the SCADA dataset demonstrates the effectiveness of the proposed ARMA-IDS in real-time fault monitoring. Moreover, the proposed ARMA-IDS offers a higher detection rate on the SCADA and KDD Cup 1999 datasets.


Repositor ◽ 2020 ◽ Vol 2 (3) ◽ pp. 339
Author(s): Bagus Alfiansyah, Syaifuddin Syaifuddin, Diah Risqiwati

With the increasing spread of knowledge and the rise of cybercrime, an Intrusion Detection System (IDS) is needed; one such system is Snort, which can detect attacks. Attack notifications are needed so that the administrator knows when an attack is occurring. Alert clustering uses the K-Means method to divide alerts into 2 clusters, namely “low” and “high”. A Telegram bot sends only the alerts that carry the “high” label, and the notification appears in the Telegram application. The 4SICS dataset is used for the clustering process to produce 2 centroids, which are then applied to real attacks. The real attack testing process was carried out for 2 days. There were a total of 10352 attacks, of which 1096 had the “high” label and 9256 had the “low” label, and 771 notifications were sent. By attack label, the results over one hour were 60.38% of attacks with the label “high” and 39.62% with the label “low”. By attack label, the results over two days were 89% of attacks with the label “low” and 11% with the label “high”.


Electronics ◽ 2021 ◽ Vol 10 (24) ◽ pp. 3084
Author(s): Adrian-Tiberiu Costin, Daniel Zinca, Virgil Dobrota

Capturing traffic and processing its contents is a valuable skill that, when put in the right hands, makes diagnosing and troubleshooting network issues an approachable task. Apart from aiding in fixing common problems, packet capture can also be used for any application that requires a deeper understanding of how things work under the hood. Many tools have been developed to allow the user to study the flow of data inside a network. This paper focuses on documenting the process of creating such tools and showcasing their use in different contexts. This is achieved by leveraging the power of the C++ programming language and the libtins library to create custom, extensible sniffing tools, which are then used in VoIP (Voice over IP) and IDS (Intrusion Detection System) applications.


2019 ◽ Vol 23 (2) ◽ pp. 1397-1418
Author(s): Vikash Kumar, Ditipriya Sinha, Ayan Kumar Das, Subhash Chandra Pandey, Radha Tamal Goswami
