The signature-based intrusion detection is one of the most commonly used techniques implemented in modern intrusion detection systems (IDS). Being based on a set of rules, i.e., attack signatures, the accuracy and reliability of IDS detection heavily depend on the quality of the employed rule set. In this context, any conflicts that arise between rules create ambiguity in classification of network...
During the last decade, anomaly detection has attracted the attention of many researchers to overcome the weakness of signature-based IDSs in detecting novel attacks, and KDDCUP'99 is the most widely used data set for the evaluation of these systems. Having conducted a statistical analysis on this data set, we found two important issues which highly affect the performance of evaluated systems,...
During the last decade, anomaly detection has attracted the attention of many researchers to overcome the weakness of signature-based IDSs in detecting novel attacks. However, having a relatively high false alarm rate, anomaly detection has not been widely used in real networks. In this paper, we have proposed a novel anomaly detection scheme using the correlation information contained in groups of...
Signal processing techniques have been applied recently for analyzing and detecting network anomalies due to their potential to find novel or unknown intrusions. In this paper, we present a novel network anomaly detection approach based on wavelet analysis, approximate autoregressive and outlier detection techniques. In order to characterize network traffic behaviors, we proposed fifteen features...
One of the most important steps in attack detection using Intrusion Detection Systems (IDSs) is dealing with a huge number of alerts that can be either critical single alerts and multi-step attack scenarios or false alerts and non-critical ones. In this paper we try to address the problem of managing alerts via a multi-layer alert correlation and filtering that can identify critical alerts after each...
As our daily life depends more and more on Internet technology, it also becomes increasingly susceptible to new types of cyber threats. These threats often take the form of innovative malicious behavior and commonly emerge at a pace that exceeds the capability of security experts to develop timely solutions to counter such threats. In this context it becomes particularly important to develop a good...
The feature selection phase is one of the first, and yet very important, tasks to be completed during the development of any intrusion detection system. If this phase is neglected, the detection performance of the entire system can drop significantly, regardless of the internal detection algorithms that are used. Our research focuses on mining the most useful network features for attack detection...
Intrusion detection is an effective approach for dealing with various problems in the area of network security. This paper presents a comparative study of using supervised probabilistic and predictive machine learning techniques for intrusion detection. Two probabilistic techniques, Naive Bayes and Gaussian, and two predictive techniques, decision tree and random forests, are employed. Different training...
One of the most important phases of the IDS/IPS design identifies the set of features that the system will use. This decision may influence both the performance of the system, and the types of attacks that it will detect. We present a feature classification schema for network intrusion detection, along with the implementation design, intended to provide a better understanding regarding the features...