Published in: Journal of Intelligent Information Systems 1/2014

01-02-2014

Human perspective to anomaly detection for cybersecurity

Authors: Song Chen, Vandana P. Janeja


Abstract

Traditionally, signature-based network Intrusion Detection Systems (IDS) rely on input from domain experts and can only identify attacks that occur as individual events. An IDS generates a large number of alerts, and it becomes very difficult for human users to go through each message. Previous research has proposed analytics-based approaches for analyzing IDS alert patterns using anomaly detection models, multi-step models or probabilistic approaches. However, because of the complexity of network intrusions, it is impossible to enumerate all possible attack patterns or to avoid false positives. With advances in technology and the growing presence of networks in daily life, detecting network intrusions is becoming more and more difficult. No matter how rapidly the technology changes, however, the human behaviors behind cyber attacks stay relatively constant. This gives us an opportunity to develop an improved system for detecting unusual cyber attacks. In this paper, we develop four network intrusion models based on consideration of human factors. We then test these models on ITOC Cyber Defense Competition (CDX) 2009 data. Our results are encouraging: the models are not only able to recognize most of the network attacks identified by SNORT log alerts, they are also able to distinguish non-attack network traffic that was potentially missed by SNORT, as indicated by ground-truth validation of the data.
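The abstract's starting point, that a signature IDS emits one alert per matched event and leaves the analyst to reconstruct the attacker's sequence by hand, is easy to see on raw Snort output. The following Python is an added example written for this page, not code from the paper or from the Snort project: it parses lines in Snort's fast alert format, pivots each alert onto the external peer (assuming 10.0.1.0/24 as the monitored HOME_NET), and groups that peer's alerts into time-bounded episodes, so that a scan, an exploit attempt and an outbound shell involving the same host appear as one sequence rather than five unrelated messages. The alert lines, rule SIDs and messages are constructed for the example; the line format itself is Snort's.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Snort "alert_fast" output, one alert per line. The format carries no year,
# so parsed timestamps are only meaningful relative to each other within one log.
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Assumed monitored network (Snort's HOME_NET idea); adjust for your sensor.
HOME_NET = ipaddress.ip_network("10.0.1.0/24")

# Constructed sample log: one actor (10.0.0.5) scans, hits the web server, and
# receives a callback shell; two other hosts only ping. SIDs are in the local range.
SAMPLE_ALERTS = """\
03/14-10:01:02.000123  [**] [1:1000001:1] SCAN nmap SYN [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44321 -> 10.0.1.10:22
03/14-10:01:02.100456  [**] [1:1000001:1] SCAN nmap SYN [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44322 -> 10.0.1.10:80
03/14-10:01:02.200789  [**] [1:1000001:1] SCAN nmap SYN [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44323 -> 10.0.1.10:443
03/14-10:03:15.000000  [**] [1:1000002:1] WEB-ATTACKS /bin/sh in URI [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:45001 -> 10.0.1.10:80
03/14-10:04:40.000000  [**] [1:1000003:1] SHELL outbound connection from web server [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.1.10:51000 -> 10.0.0.5:4444
03/14-10:05:00.000000  [**] [1:1000004:1] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.77 -> 10.0.1.10
03/14-10:20:00.000000  [**] [1:1000004:1] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.78 -> 10.0.1.10
03/14-11:30:00.000000  [**] [1:1000001:1] SCAN nmap SYN [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:50000 -> 10.0.1.11:22
"""


def parse_alerts(text):
    """Parse fast-format lines into dicts; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["time"] = datetime.strptime(d["ts"], "%m/%d-%H:%M:%S.%f")
        d["prio"] = int(d["prio"])
        d["sid"] = int(d["sid"])
        alerts.append(d)
    return alerts


def actor_of(alert):
    """Pivot key: the peer outside HOME_NET, whichever direction the alert fired in.
    This is what ties an outbound callback to the host that triggered the inbound scan."""
    src = ipaddress.ip_address(alert["src"])
    dst = ipaddress.ip_address(alert["dst"])
    if src in HOME_NET and dst not in HOME_NET:
        return alert["dst"]
    return alert["src"]


def summarize(actor, items):
    """Collapse one episode into what an analyst wants at a glance."""
    sequence = []
    for a in items:                      # distinct signatures in order of first appearance
        if a["msg"] not in sequence:
            sequence.append(a["msg"])
    return {
        "actor": actor,
        "start": items[0]["time"],
        "end": items[-1]["time"],
        "count": len(items),
        "distinct_sids": len({a["sid"] for a in items}),
        "max_priority": min(a["prio"] for a in items),   # Snort: 1 is the most severe
        "sequence": sequence,
    }


def episodes(alerts, window_s=600):
    """Group each actor's alerts into episodes; a silence longer than window_s starts a new one."""
    by_actor = defaultdict(list)
    for a in alerts:
        by_actor[actor_of(a)].append(a)
    result = {}
    for actor, items in by_actor.items():
        items.sort(key=lambda a: a["time"])
        eps, cur = [], []
        for a in items:
            if cur and (a["time"] - cur[-1]["time"]).total_seconds() > window_s:
                eps.append(summarize(actor, cur))
                cur = []
            cur.append(a)
        if cur:
            eps.append(summarize(actor, cur))
        result[actor] = eps
    return result


def rank_episodes(text, window_s=600):
    """Most interesting episodes first: breadth of signatures, then volume, then severity."""
    eps = [e for lst in episodes(parse_alerts(text), window_s).values() for e in lst]
    return sorted(eps, key=lambda e: (-e["distinct_sids"], -e["count"], e["max_priority"]))


if __name__ == "__main__":
    for e in rank_episodes(SAMPLE_ALERTS):
        print(e["actor"], e["count"], "alerts,", e["distinct_sids"], "signatures:", " -> ".join(e["sequence"]))
```

Ranking episodes by the number of distinct signatures rather than by raw alert count is the design choice worth noting: three identical scan alerts say less about an actor than scan, exploit and callback in a row, which is the kind of behavioural regularity the abstract is pointing at. The window length and the HOME_NET prefix are assumptions to tune per deployment; with an unrelated actor pinging in between, the per-actor pivot is what keeps the sequence intact.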


Metadata
Title: Human perspective to anomaly detection for cybersecurity
Authors: Song Chen, Vandana P. Janeja
Publication date: 01-02-2014
Publisher: Springer US
Published in: Journal of Intelligent Information Systems / Issue 1/2014
Print ISSN: 0925-9902
Electronic ISSN: 1573-7675
DOI: https://doi.org/10.1007/s10844-013-0266-3
