Anomalous payloads in network packets are a potential source for intrusion in computer networks. In this paper we come up with an efficient machine learning approach to detect anomalous payloads. The approach uses n-gram preprocessing to extract words included in the payload. Bayesian inference is used to learn normal and anomalous traffic patterns from the words extracted during training. During...
Correctly labelled datasets are commonly required. Three particular scenarios are highlighted, which showcase this need. One of these scenarios is when using supervised Intrusion Detection Systems (IDSs). These systems need labelled datasets for their training process. Also, the real nature of analysed datasets must be known when evaluating the efficiency of IDSs detecting intrusions. The third scenario...
Recently, with wide use of computer systems, internet, and rapid growth of computer networks, the problem of intrusion detection in network security has become an important issue of concern. In this regard, various intrusion detection systems have been developed for using misuse detection and anomaly detection methodologies. These systems try to improve detection rates of variation in attack types...
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks can result in huge loss of data and make resources unavailable for legitimate users. With continuous growth of Internet users and traffic, the importance of Intrusion Detection System (IDS) for detection of DoS/DDoS network attacks has also grown. Different techniques such as data mining and pattern recognition are being used...
Detecting anomalous traffic on the Internet has remained an issue of concern for the community of security researchers over the years. Advances in computing performance, in terms of processing power and storage, have allowed the use of resource-intensive intelligent algorithms, to detect intrusive activities, in a timely manner. Naïve Bayes is a statistical inference learning algorithm with promise...
Anomaly detection in computer networks is an actively researched topic in the field of intrusion detection. The Internet Analysis System (IAS) is a software framework which provides passive probes and centralized backend services to collect purely statistical network data in distributed computer networks. This paper presents an empirical evaluation of the IAS data format for detecting anomalies, caused...
With the development of the Internet, intrusion detection has gradually been playing a more and more important role in network security. Radial Basis Function Neural Networks are widely used in intrusion detection, especially the Probabilistic Neural Network. However, detection speed is a problem which impedes its application to real-time intrusion detection. In this paper, for increasing the...
The use of computer networks has increased significantly in recent years. This proliferation, in combination with the interconnection of networks via the Internet, has drastically increased their vulnerability to attack by malicious agents. The wide variety of attack modes has exacerbated the problem in detecting attacks. Many current intrusion detection systems (IDS) are unable to identify unknown...
Today more and more network-based attacks occur at application layer. Observed from the network layer and transport layer, these attacks may not contain significant malicious activities, and generate abnormal network traffic. However, traditional security techniques usually detect attacks from those two layers. Although some security techniques can detect some application layer attacks, these techniques...
With the rapid development of the Internet services and the fast increasing of intrusion problems, the traditional intrusion detection methods cannot work well with the more and more complicated intrusions. So introducing machine learning into intrusion detection systems to improve the performance has become one of the major concerns in the research of intrusion detection. Intrusion detection systems...
Fast Internet growth and the increase in the number of users have made network security essential in recent decades. Lately, one of the hottest research topics in network security is intrusion detection systems (IDSs), which try to keep security at the highest level. This paper addresses an IDS using a 2-layered feed-forward neural network. In the training phase, an “early stopping” strategy is used to overcome the “over-fitting”...
The Internet grows day by day, and so does the complexity of its security. Different types of people all around the world use the Internet in their daily routine tasks. Internet and network security challenges make the use of more efficient and complicated defense tools such as Intrusion Detection Systems (IDSs) vital. Nowadays attempts to solve IDS problems are under consideration. One of the deficiencies of current...
HTTP-related vulnerabilities are being more commonly exploited as HTTP applications become the number one application across the Internet. Several HTTP-specific anomaly methods have been proposed, among which grammar-based methods are more likely to reflect the underlying structure of HTTP communications, and therefore show a promising classifying capability between benign and malicious accesses...
We propose and evaluate an approach for network intrusion detection in high dimensional space. This approach is based on an approximate solution to the nearest neighbor problem. Our evaluation is based on the KDD'99 data set, a Yahoo Web spam data set and another set used in the NIPS'03 feature selection challenge. The approximate approach shows that good performance in terms of detection rate and...
The Internet has become one of life's basics these days. More networks are connected to the Internet every day, which increases the amount of valuable data and the number of resources that can be attacked. Some systems have been designed and developed to secure these data and prevent attacks on resources. Unfortunately, new attacks are being created every day, which makes it hard to design a system that...
A novel approach based on applying a modern meta-heuristic Gene Expression Programming (GEP) to detecting Web application attacks is presented in the paper. This class of attacks relates to malicious activity of an intruder against applications, which use a database for storing data. The application uses SQL to retrieve data from the database and Web server mechanisms to put them in a Web browser...
In the last few years, the number and impact of security attacks over the Internet have been continuously increasing. Since it seems impossible to guarantee complete protection to a system by means of the "classical" prevention mechanisms, the use of Intrusion Detection Systems has emerged as a key element in network security. In this paper we address the problem considering some techniques...
Nowadays, as information systems are more open to the Internet, the importance of secure networks has tremendously increased. New intelligent intrusion detection systems (IDSs) which are based on sophisticated algorithms rather than current signature-based detection are in demand. In this paper, we propose a new data-mining based technique for intrusion detection using an ensemble of binary classifiers...
This paper proposes a system for lightweight detection of DoS attacks, called LD2. Our system detects attack activities by observing flow behaviors and matching them with graphlets for each attack type. The proposed system is lightweight because it does not analyze packet content nor packet statistics. We benchmark performance of LD2, in terms of detection accuracy and complexity against Snort, a...
The early identification of applications through the observation and fast analysis of the associated packet flows is a critical building block of intrusion detection and policy enforcement systems. The simple techniques currently used in practice, such as looking at the transport port numbers or at the application payload, are increasingly less effective for new applications using random port numbers...