9 research outputs found

    SuperB: Superior Behavior-based Anomaly Detection Defining Authorized Users' Traffic Patterns

    Network anomalies are correlated to activities that deviate from regular behavior patterns in a network, and they are undetectable until their actions are defined as malicious. Current work in network anomaly detection includes network-based and host-based intrusion detection systems. However, network anomaly detection schemes can suffer from high false detection rates due to the base rate fallacy. When the detection rate is less than the false positive rate, which is found in network anomaly detection schemes working with live data, a high false detection rate can occur. To overcome such a drawback, this paper proposes a superior behavior-based anomaly detection system (SuperB) that defines legitimate network behaviors of authorized users in order to identify unauthorized accesses. I define the network behaviors of the authorized users by training the proposed deep learning model with time series data extracted from network packets of each of the users. Then, the trained model is used to classify all other behaviors (I define these as anomalies) from the defined legitimate behaviors. As a result, SuperB effectively detects all anomalies of network behaviors. The simulation results show that SuperB needs at least five end-to-end network conversations to achieve over 95% accuracy and over 93% true positive rate. Some simulations achieved 100% accuracy and true positive rate. The simulations use live network data combined with the CICIDS2017 data set. The performance has an average of less than 1.1% false positive rate, with some simulations showing 0%. The execution time to process each conversation is 85.20 ± 0.60 milliseconds (ms), and thus it takes only about 426 ms to process five conversations to identify an anomaly.

    Recent Advances in Anomaly Detection Methods Applied to Aviation

    Anomaly detection is an active area of research with numerous methods and applications. This survey reviews the state-of-the-art of data-driven anomaly detection techniques and their application to the aviation domain. After a brief introduction to the main traditional data-driven methods for anomaly detection, we review the recent advances in the area of neural networks, deep learning and temporal-logic based learning. In particular, we cover unsupervised techniques applicable to time series data because of their relevance to the aviation domain, where the lack of labeled data is the most usual case, and the nature of flight trajectories and sensor data is sequential, or temporal. The advantages and disadvantages of each method are presented in terms of computational efficiency and detection efficacy. The second part of the survey explores the application of anomaly detection techniques to aviation and their contributions to the improvement of the safety and performance of flight operations and aviation systems. As far as we know, some of the presented methods have not yet found an application in the aviation domain. We review applications ranging from the identification of significant operational events in air traffic operations to the prediction of potential aviation system failures for predictive maintenance.

    Using an Autoencoder to Build an Intrusion Detection System for the Local Network

    In recent decades the number of new network-connected devices has grown very rapidly. The data generated in this way cannot be analyzed by humans. For this reason, an approach based on Artificial Intelligence techniques is useful for monitoring network traffic. The aim of the thesis is to build an AI-based Intrusion Detection System that alerts the user to anomalous traffic passing through the device.

    Robust Unsupervised Anomaly Detection for Multivariate Time Series Data Using a Variational Autoencoder

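    Kyushu Institute of Technology doctoral dissertation. Degree number: 情工博甲第370号. Date degree conferred: September 26, 2022. Contents: 1: Introduction | 2: Background & Theory | 3: Methodology | 4: Experiments and Discussion | 5: Conclusions. Kyushu Institute of Technology, 2022.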