NTLFlowLyzer: Towards generating an intrusion detection dataset and intruders behavior profiling through network and transport layers traffic analysis and pattern extraction

IF 4.8 2区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Computers & Security Pub Date : 2024-10-19 DOI:10.1016/j.cose.2024.104160
MohammadMoein Shafi , Arash Habibi Lashkari , Arousha Haghighian Roudsari
{"title":"NTLFlowLyzer: Towards generating an intrusion detection dataset and intruders behavior profiling through network and transport layers traffic analysis and pattern extraction","authors":"MohammadMoein Shafi ,&nbsp;Arash Habibi Lashkari ,&nbsp;Arousha Haghighian Roudsari","doi":"10.1016/j.cose.2024.104160","DOIUrl":null,"url":null,"abstract":"<div><div>Network security remains a critical concern in modern computing systems due to the constant emergence of threats and attacks. This paper introduces a comprehensive behavioral profiling solution to address the limitations of current intrusion detection methods in identifying zero-day attacks and novel malicious behaviors. Beginning with raw network data, the proposed framework progresses through multiple stages, ultimately culminating in the creation of activity-specific profiles. Central to this approach is NTLFlowLyzer, a novel network traffic analyzer, which generates an updated dataset, BCCC-CIC-IDS2017, for enhanced profile generation. The core of the profiling system leverages the distinct behaviors exhibited by individual features and the diverse correlations observed across various activities. The profiling procedure attains accuracy and robustness by integrating a novel feature selection algorithm and a pattern extraction process. Furthermore, behavior similarity is introduced to quantify the resemblance between activities based on their features and behaviors. We rigorously evaluate the effectiveness of our model by subjecting it to comprehensive testing, followed by meticulous comparison with previous works. Our proposed framework proficiently characterizes eight malicious activities with an accuracy rate surpassing 99.8%, while displaying promising performance in profiling various other activities. These findings, derived from our comprehensive experiments, provide valuable guidance for accurately implementing behavioral profiling.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104160"},"PeriodicalIF":4.8000,"publicationDate":"2024-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824004656","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

Network security remains a critical concern in modern computing systems due to the constant emergence of threats and attacks. This paper introduces a comprehensive behavioral profiling solution to address the limitations of current intrusion detection methods in identifying zero-day attacks and novel malicious behaviors. Beginning with raw network data, the proposed framework progresses through multiple stages, ultimately culminating in the creation of activity-specific profiles. Central to this approach is NTLFlowLyzer, a novel network traffic analyzer, which generates an updated dataset, BCCC-CIC-IDS2017, for enhanced profile generation. The core of the profiling system leverages the distinct behaviors exhibited by individual features and the diverse correlations observed across various activities. The profiling procedure attains accuracy and robustness by integrating a novel feature selection algorithm and a pattern extraction process. Furthermore, behavior similarity is introduced to quantify the resemblance between activities based on their features and behaviors. We rigorously evaluate the effectiveness of our model by subjecting it to comprehensive testing, followed by meticulous comparison with previous works. Our proposed framework proficiently characterizes eight malicious activities with an accuracy rate surpassing 99.8%, while displaying promising performance in profiling various other activities. These findings, derived from our comprehensive experiments, provide valuable guidance for accurately implementing behavioral profiling.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
NTLFlowLyzer:通过网络和传输层流量分析和模式提取,生成入侵检测数据集和入侵者行为剖析
由于威胁和攻击的不断出现,网络安全仍然是现代计算系统中的一个重要问题。本文介绍了一种全面的行为特征分析解决方案,以解决当前入侵检测方法在识别零日攻击和新型恶意行为方面的局限性。从原始网络数据开始,所提出的框架经过多个阶段,最终创建出针对特定活动的特征分析。NTLFlowLyzer 是这种方法的核心,它是一种新型网络流量分析器,可生成最新数据集 BCCC-CIC-IDS2017,用于增强剖析生成。剖析系统的核心是利用单个特征所表现出的独特行为以及在各种活动中观察到的不同相关性。通过整合新颖的特征选择算法和模式提取过程,剖析程序实现了准确性和鲁棒性。此外,还引入了行为相似性,根据活动的特征和行为量化活动之间的相似性。我们对模型进行了全面测试,并与之前的研究成果进行了细致比较,从而对模型的有效性进行了严格评估。我们所提出的框架能够熟练地描述八种恶意活动,准确率超过 99.8%,同时在描述其他各种活动时也表现出良好的性能。这些结论来自我们的全面实验,为准确实施行为特征分析提供了宝贵的指导。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Computers & Security
Computers & Security 工程技术-计算机:信息系统
CiteScore
12.40
自引率
7.10%
发文量
365
审稿时长
10.7 months
期刊介绍: Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.
期刊最新文献
Beyond the sandbox: Leveraging symbolic execution for evasive malware classification Trust my IDS: An explainable AI integrated deep learning-based transparent threat detection system for industrial networks PdGAT-ID: An intrusion detection method for industrial control systems based on periodic extraction and spatiotemporal graph attention Dynamic trigger-based attacks against next-generation IoT malware family classifiers Assessing cybersecurity awareness among bank employees: A multi-stage analytical approach using PLS-SEM, ANN, and fsQCA in a developing country context
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1