Machine Learning Methods for Attack Detection in the Smart Grid
Attack detection problems in the smart grid are posed as statistical learning
problems for different attack scenarios in which the measurements are observed
in batch or online settings. In this approach, machine learning algorithms are
used to classify measurements as being either secure or attacked. An attack
detection framework is provided to exploit any available prior knowledge about
the system and surmount constraints arising from the sparse structure of the
problem in the proposed approach. Well-known batch and online learning
algorithms (supervised and semi-supervised) are employed with decision and
feature level fusion to model the attack detection problem. The relationships
between statistical and geometric properties of attack vectors employed in the
attack scenarios and learning algorithms are analyzed to detect unobservable
attacks using statistical learning methods. The proposed algorithms are
examined on various IEEE test systems. Experimental analyses show that machine
learning algorithms can detect attacks with performances higher than the attack
detection algorithms which employ state vector estimation methods in the
proposed attack detection framework.
Comment: 14 pages, 11 Figure
Threshold Verification Technique for Network Intrusion Detection System
The Internet has played a vital role in this modern world; the possibilities and
opportunities offered are limitless. Despite all the hype, Internet services
are liable to intrusion attacks that could tamper with the confidentiality and
integrity of important information. An attack starts with gathering
information about the attack target; this information gathering activity can be
done as either a fast or a slow attack. The defensive measure a network administrator
can take to overcome this liability is to introduce Intrusion Detection
Systems (IDSs) in their network. IDSs have the capability to analyze the
network traffic and recognize incoming and on-going intrusions. Unfortunately,
the combination of both modules in real time network traffic slowed down the
detection process. In a real time network, early detection of a fast attack can
prevent any further attack and reduce the unauthorized access on the targeted
machine. The suitable set of features selected and the correct threshold value
add an extra advantage for an IDS to detect anomalies in the network. Therefore,
this paper discusses a new technique for selecting a static threshold value from
minimum standard features in detecting fast attacks from the victim
perspective. In order to increase the confidence in the threshold value, the
result is verified using Statistical Process Control (SPC). The implementation
of this approach shows that the threshold selected is suitable for identifying
the fast attack in real time.
Comment: 8 Pages, International Journal of Computer Science and Information
Securit
Network anomaly detection: a survey and comparative analysis of stochastic and deterministic methods
7 pages. 1 more figure than final CDC 2013 version.
We present five methods for the problem of network anomaly detection. These methods cover most of the common techniques in the anomaly detection field, including Statistical Hypothesis Tests (SHT), Support Vector Machines (SVM) and clustering analysis. We evaluate all methods in a simulated network that consists of nominal data, three flow-level anomalies and one packet-level attack. Through analyzing the results, we point out the advantages and disadvantages of each method and conclude that combining the results of the individual methods can yield improved anomaly detection results.
Bridging statistical learning and formal reasoning for cyber attack detection
Current cyber-infrastructures are facing increasingly stealthy attacks that implant malicious payloads under the cover of benign programs. Current attack detection approaches based on statistical learning methods may generate misleading decision boundaries when processing noisy data with such a mixture of benign and malicious behaviors. On the other hand, attack detection based on formal program analysis may lack completeness or adaptivity when modeling attack behaviors. In light of these limitations, we have developed LEAPS, an attack detection system based on supervised statistical learning to classify benign and malicious system events. Furthermore, we leverage control flow graphs inferred from the system event logs to enable automatic pruning of the training data, which leads to a more accurate classification model when applied to the testing data. Our extensive evaluation shows that, compared with pure statistical learning models, LEAPS achieves consistently higher accuracy when detecting real-world camouflaged attacks with benign program cover-up.
Data-Injection Attacks
In this chapter we review some of the basic attack constructions that exploit
a stochastic description of the state variables. We pose the state estimation
problem in a Bayesian setting and cast the bad data detection procedure as a
Bayesian hypothesis testing problem. This revised detection framework provides
the benchmark for the attack detection problem that limits the achievable
attack disruption. Indeed, the trade-off between the impact of the attack, in
terms of disruption to the state estimator, and the probability of attack
detection is analytically characterized within this Bayesian attack setting. We
then generalize the attack construction by considering information-theoretic
measures that place fundamental limits to a broad class of detection,
estimation, and learning techniques. Because the attack constructions proposed
in this chapter rely on the attacker having access to the statistical structure
of the random process describing the state variables, we conclude by studying
the impact of imperfect statistics on the attack performance. Specifically, we
study the attack performance as a function of the size of the training data set
that is available to the attacker to estimate the second-order statistics of
the state variables.
Comment: arXiv admin note: substantial text overlap with arXiv:1808.0418
Threshold verification using statistical approach for fast attack detection
Networks have grown to a mammoth size and are becoming more complex, thus exposing the services they offer to multiple types of intrusion vulnerabilities. One method to overcome intrusion is by introducing an Intrusion Detection System (IDS) for detecting the threat before it can damage the network resources. IDSs have the ability to analyze network traffic and recognize incoming and on-going network attacks. In detecting intrusion attacks, information gathering on such activity can be classified into fast attack and slow attack. Yet, the majority of current intrusion detection systems do not have the ability to differentiate between these two types of attacks. Early detection of a fast attack is very useful in a real time environment, in which it can help the targeted network from further intrusion that could let the intruder gain access to the vulnerable machine. To address this challenge, this paper introduces a fast attack detection framework that sets a threshold value to differentiate between normal network traffic and abnormal network traffic from the victim perspective. The threshold value is abstracted with the help of a suitable set of features used to detect the anomaly in the network. By introducing the threshold value, anomaly based detection can build a complete profile to detect any intrusion threat as well as at the same time reducing its false alarm alert