Using the pattern-of-life in networks to improve the effectiveness of intrusion detection systems

Francisco J. Aparicio-Navarro, J. Chambers, K. Kyriakopoulos, Yu Gong, D. Parish
DOI: 10.1109/ICC.2017.7997374 (https://doi.org/10.1109/ICC.2017.7997374)
Published in: 2017 IEEE International Conference on Communications (ICC), pp. 1-7
Publication date: 2017-07-31
Citation count: 14

Abstract

As the complexity of cyber-attacks keeps increasing, new and more robust detection mechanisms need to be developed. The next generation of Intrusion Detection Systems (IDSs) should be able to adapt their detection characteristics based not only on the measurable network traffic, but also on the available high-level information related to the protected network, in order to improve their detection results. We make use of the Pattern-of-Life (PoL) of a network as the main source of high-level information; the PoL is correlated with the time of day and the usage of the network resources. We propose the use of a Fuzzy Cognitive Map (FCM) to incorporate the PoL into the detection process. The main aim of this work is to evidence the improved detection performance of an IDS that uses an FCM to leverage network-related contextual information. The results that we present verify that the proposed method improves the effectiveness of our IDS by reducing the total number of false alarms, providing an improvement of 9.68% when all the considered metrics are combined and a peak improvement of up to 35.64%, depending on the particular metric combination.