22 research outputs found
Fuzzy Aided Application Layer Semantic Intrusion Detection System - FASIDS
The objective of this is to develop a Fuzzy aided Application layer Semantic
Intrusion Detection System (FASIDS) which works in the application layer of the
network stack. FASIDS consist of semantic IDS and Fuzzy based IDS. Rule based
IDS looks for the specific pattern which is defined as malicious. A
non-intrusive regular pattern can be malicious if it occurs several times with
a short time interval. For detecting such malicious activities, FASIDS is
proposed in this paper. At application layer, HTTP traffic's header and payload
are analyzed for possible intrusion. In the proposed misuse detection module,
the semantic intrusion detection system works on the basis of rules that define
various application layer misuses that are found in the network. An attack
identified by the IDS is based on a corresponding rule in the rule-base. An
event that doesn't make a 'hit' on the rule-base is given to a Fuzzy Intrusion
Detection System (FIDS) for further analysis.Comment: 18 Pages, IJNS
Studying machine learning techniques for intrusion detection systems
Intrusion detection systems (IDSs) have been studied widely in the computer security community for a long time. The recent development of machine learning techniques has boosted the performance of the intrusion detection systems significantly. However, most modern machine learning and deep learning algorithms are exhaustive of labeled data that requires a lot of time and effort to collect. Furthermore, it might be late until all the data is collected to train the model. In this study, we first perform a comprehensive survey of existing studies on using machine learning for IDSs. Hence we present two approaches to detect the network attacks. We present that by using a tree-based ensemble learning with feature engineering we can outperform state-of-the-art results in the field. We also present a new approach in selecting training data for IDSs hence by using a small subset of training data combined with some weak classification algorithms we can improve the performance of the detector while maintaining the low running cost
In-Vehicle Data Communication with CAN &Security Monitoring: A Review
Automobiles are now being created with more electronic components for efficient functioning such as Anti Lock Braking system, Adaptive Cruise Control, Traction control system, Airbag, Power Steering etc. managed by networked controllers that include hundreds of ECUs (electronic control units) that can coordinate, control, and monitor loads of internal vehicle components. Each component, such as ABS, TCS (Traction control system), tire pressure monitoring system and telematics system, may communicate with nearby components over the CAN (Controller Area Network) bus, establishing an in-vehicle communication network. These modern automobile system networks intended for safety with minimal consideration for security have drawn the attention of researchers for providing security in CAN. The Paper reviews the behavior and vulnerabilities of CAN within an in-vehicle network including various attacks possible in CAN along with the proposed solutions in the literature with extensive survey on a security promising approach named as IDS (Intrusion detection system)
Unsupervised Anomaly Detectors to Detect Intrusions in the Current Threat Landscape
Anomaly detection aims at identifying unexpected fluctuations in the expected
behavior of a given system. It is acknowledged as a reliable answer to the
identification of zero-day attacks to such extent, several ML algorithms that
suit for binary classification have been proposed throughout years. However,
the experimental comparison of a wide pool of unsupervised algorithms for
anomaly-based intrusion detection against a comprehensive set of attacks
datasets was not investigated yet. To fill such gap, we exercise seventeen
unsupervised anomaly detection algorithms on eleven attack datasets. Results
allow elaborating on a wide range of arguments, from the behavior of the
individual algorithm to the suitability of the datasets to anomaly detection.
We conclude that algorithms as Isolation Forests, One-Class Support Vector
Machines and Self-Organizing Maps are more effective than their counterparts
for intrusion detection, while clustering algorithms represent a good
alternative due to their low computational complexity. Further, we detail how
attacks with unstable, distributed or non-repeatable behavior as Fuzzing, Worms
and Botnets are more difficult to detect. Ultimately, we digress on
capabilities of algorithms in detecting anomalies generated by a wide pool of
unknown attacks, showing that achieved metric scores do not vary with respect
to identifying single attacks.Comment: Will be published on ACM Transactions Data Scienc