4,890 research outputs found
Towards a Reliable Comparison and Evaluation of Network Intrusion Detection Systems Based on Machine Learning Approaches
Presently, we are living in a hyper-connected world where millions of heterogeneous devices are continuously sharing information in different application contexts for wellness, improving communications, digital businesses, etc. However, the bigger the number of devices and connections are, the higher the risk of security threats in this scenario. To counteract against malicious behaviours and preserve essential security services, Network Intrusion Detection Systems (NIDSs) are the most widely used defence line in communications networks. Nevertheless, there is no standard methodology to evaluate and fairly compare NIDSs. Most of the proposals elude mentioning crucial steps regarding NIDSs validation that make their comparison hard or even impossible. This work firstly includes a comprehensive study of recent NIDSs based on machine learning approaches, concluding that almost all of them do not accomplish with what authors of this paper consider mandatory steps for a reliable comparison and evaluation of NIDSs. Secondly, a structured methodology is proposed and assessed on the UGR'16 dataset to test its suitability for addressing network attack detection problems. The guideline and steps recommended will definitively help the research community to fairly assess NIDSs, although the definitive framework is not a trivial task and, therefore, some extra effort should still be made to improve its understandability and usability further
Spatiotemporal Patterns and Predictability of Cyberattacks
Y.C.L. was supported by Air Force Office of Scientific Research (AFOSR) under grant no. FA9550-10-1-0083 and Army Research Office (ARO) under grant no. W911NF-14-1-0504. S.X. was supported by Army Research Office (ARO) under grant no. W911NF-13-1-0141. The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.Peer reviewedPublisher PD
Intrusion Detection Systems Using Adaptive Regression Splines
Past few years have witnessed a growing recognition of intelligent techniques
for the construction of efficient and reliable intrusion detection systems. Due
to increasing incidents of cyber attacks, building effective intrusion
detection systems (IDS) are essential for protecting information systems
security, and yet it remains an elusive goal and a great challenge. In this
paper, we report a performance analysis between Multivariate Adaptive
Regression Splines (MARS), neural networks and support vector machines. The
MARS procedure builds flexible regression models by fitting separate splines to
distinct intervals of the predictor variables. A brief comparison of different
neural network learning algorithms is also given
Spatiotemporal patterns and predictability of cyberattacks
A relatively unexplored issue in cybersecurity science and engineering is
whether there exist intrinsic patterns of cyberattacks. Conventional wisdom
favors absence of such patterns due to the overwhelming complexity of the
modern cyberspace. Surprisingly, through a detailed analysis of an extensive
data set that records the time-dependent frequencies of attacks over a
relatively wide range of consecutive IP addresses, we successfully uncover
intrinsic spatiotemporal patterns underlying cyberattacks, where the term
"spatio" refers to the IP address space. In particular, we focus on analyzing
{\em macroscopic} properties of the attack traffic flows and identify two main
patterns with distinct spatiotemporal characteristics: deterministic and
stochastic. Strikingly, there are very few sets of major attackers committing
almost all the attacks, since their attack "fingerprints" and target selection
scheme can be unequivocally identified according to the very limited number of
unique spatiotemporal characteristics, each of which only exists on a
consecutive IP region and differs significantly from the others. We utilize a
number of quantitative measures, including the flux-fluctuation law, the Markov
state transition probability matrix, and predictability measures, to
characterize the attack patterns in a comprehensive manner. A general finding
is that the attack patterns possess high degrees of predictability, potentially
paving the way to anticipating and, consequently, mitigating or even preventing
large-scale cyberattacks using macroscopic approaches
- …