IT Intrusion Detection Using Statistical Learning and Testbed Measurements

Proceedings of the 13th USENIX Conference on System Administration

Snort - lightweight intrusion detection for networks

M. Roesch

Published: 1999

Cybersecur

Survey of intrusion detection systems: techniques, datasets, and challenges

Khraisat, A., et al.

Published: 2019

IEEE Transactions on Network and Service Management

Learning near-optimal intrusion responses against dynamic attackers

K. Hammar, R. Stadler

Published: 2023

Proceedings of the ML4Cyber workshop, ICML 2022

Learning security strategies through game play and optimal stopping

K. Hammar, R. Stadler

Published: 2022

Proceedings of the IEEE

The viterbi algorithm

G. D. Forney

Published: 1973

IEEE Transactions on dependable and secure computing

Credit card fraud detection using hidden markov model

A. Srivastava, A. Kundu, S. Sural, A. Majumdar

Published: 2008

Lecture notes in computer science

Using hidden markov models to evaluate the risks of intrusions: System architecture and model validation

A. ARNES, F. VALEUR, G. VIGNA, R. A. KEMMERER

Published: 2006

The Scientific World Journal

The application of baum-welch algorithm in multistep attack

Y. Zhang, D. Zhao, J. Liu

Published: 2014

arxiv

被引用数 1

Architectures for Detecting Interleaved Multi-stage Network Attacks Using Hidden Markov Models

Tawfeeq Shawly, Ali Elghariani, Jason Kobes, Arif Ghafoor

Published: 2018.7.25

With the growing amount of cyber threats, the need for development of high-assurance cyber systems is becoming increasingly important. The objective of this paper is to address the challenges of modeling and detecting sophisticated network attacks, such as multiple interleaved attacks. We present the interleaving concept and investigate how interleaving multiple attacks can deceive intrusion detection systems. Using one of the important statistical machine learning (ML) techniques, Hidden Markov Models (HMM), we develop two architectures that take into account the stealth nature of the interleaving attacks, and that can detect and track the progress of these attacks. These architectures deploy a database of HMM templates of known attacks and exhibit varying performance and complexity. For performance evaluation, in the presence of multiple multi-stage attack scenarios, various metrics are proposed which include (1) attack risk probability, (2) detection error rate, and (3) the number of correctly detected stages. Extensive simulation experiments are used to demonstrate the efficacy of the proposed architectures.

マルコフモデル攻撃シナリオ分析状態遷移モデル

IEEE Access

Hidden markov models and alert correlations for the prediction of advanced persistent threats

I. Ghafir, K. G. Kyriakopoulos, S. Lambotharan, F. J. Aparicio-Navarro, B. AsSadhan, H. Binsalleeh, D. M. Diab

Published: 2019

IEEE Transactions on Dependable and Secure Computing

Real-time multistep attack prediction based on hidden markov models

P. Holgado, V. A. Villagra, L. Vazquez

Published: 2017

Proceedings of the IEEE

A tutorial on hidden Markov models and selected applications in speech recognition

L.R. Rabiner

Published: 1989

ieee assp magazine

An introduction to hidden markov models

L. Rabiner, B. Juang

Published: 1986

Neural computation

Long short-term memory

S. Hochreiter, J. Schmidhuber

Published: 1997

Proceedings of the AAAI Conference on Artificial Intelligence

Shuffling recurrent neural networks

M. Rotman, L. Wolf

Published: 2021

Code examples

Keras Developers

Machine learning

Random forests

L. Breiman

Published: 2001

Decision trees

scikit-learn developers

Randomforestclassifier

Sklearn Developers

Damn vulnerable web application (dvwa)

Published: 2023

Mitre inc

Published: 2023

ICISSp

Toward generating a new intrusion detection dataset and intrusion traffic characterization

Iman Sharafaldin, Arash Habibi Lashkari, Ali A Ghorbani

Published: 2018

Journal of Computer Virology and Hacking Techniques

Hidden markov models for malware classification

C. Annachhatre, T. H. Austin, M. Stamp

Published: 2015

International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing

Software abnormal behavior detection based on hidden markov model

J. Zhao, G. Huang, T. Liu, B. Cui

Published: 2017

Proceedings of 2004 International Conference on Machine Learning and Cybernetics

Modeling program behaviors by hidden markov models for intrusion detection

W. Wang, X.-H. Guan, X.-L. Zhang

Published: 2004

Integrated Management of Systems, Services, Processes and People in IT

Hidden markov model modeling of ssh brute-force attacks

A. Sperotto, R. Sadre, P.-T. de Boer, A. Pras

Published: 2009

2009 International Conference on Multimedia Information Networking and Security

A hidden markov model based framework for tracking and predicting of attack intention

X. Zan, F. Gao, J. Han, Y. Sun

Published: 2009

Int. J. Innov. Comput. Inform. Control

Anomaly network intrusion detection using hidden markov model

C.-M. Chen, D.-J. Guan, Y.-Z. Huang, Y.-H. Ou

Published: 2016

Darpa - intrusion detection evaluation dataset

Published: 2023

arxiv

被引用数 2

Computing Research Repository (CoRR)

Attacker Behaviour Profiling using Stochastic Ensemble of Hidden Markov Models

Soham Deshmukh, Rahul Rade, Faruk Kazi

Published: 2019.5.28

Cyber threat intelligence is one of the emerging areas of focus in information security. Much of the recent work has focused on rule-based methods and detection of network attacks using Intrusion Detection algorithms. In this paper we propose a framework for inspecting and modelling the behavioural aspect of an attacker to obtain better insight predictive power on his future actions. For modelling we propose a novel semi-supervised algorithm called Fusion Hidden Markov Model (FHMM) which is more robust to noise, requires comparatively less training time, and utilizes the benefits of ensemble learning to better model temporal relationships in data. This paper evaluates the performances of FHMM and compares it with both traditional algorithms like Markov Chain, Hidden Markov Model (HMM) and recently developed Deep Recurrent Neural Network (Deep RNN) architectures. We conduct the experiments on dataset consisting of real data attacks on a Cowrie honeypot system. FHMM provides accuracy comparable to deep RNN architectures at significant lower training time. Given these experimental results, we recommend using FHMM for modelling discrete temporal data for significantly faster training and better performance than existing methods.

モデル評価攻撃検出データセット分析

Pattern Recognition Letters

Cloud security based attack detection using transductive learning integrated with hidden markov model

Y. Aoudni, C. Donald, A. Farouk, K. B. Sahay, D. V. Babu, V. Tripathi, D. Dhabliya

Published: 2022

Advances in Natural Computation: First International Conference, ICNC 2005

A novel intrusions detection method based on hmm embedded neural network

W. Jiang, Y. Xu, Y. Xu

Published: 2005

arXiv

Attack prediction using hidden markov model

S. Dass, P. Datta, A. S. Namin

Published: 2021

South African Computer Journal

Applying long short-term memory recurrent neural networks to intrusion detection

R. C. Staudemeyer

Published: 2015

IEEE Communications Magazine

Leveraging lstm networks for attack detection in fog-to-things communications

A. Diro, N. Chilamkurti

Published: 2018

2018 28th International telecommunication networks and applications conference (ITNAC)

Lstm for anomaly-based network intrusion detection

S. A. Althubiti, E. M. Jones, K. Roy

Published: 2018

Journal of Big Data

Intrusion detection systems using long short-term memory (lstm)

F. Laghrissi, S. Douzi, K. Douzi, B. Hssina

Published: 2021

Emerging Technologies in Computer Engineering: Microservices in Big Data Analytics: Second International Conference, ICETCE 2019

Advance persistent threat detection using long short term memory (lstm) neural networks

P. Sai Charan, T. Gireesh Kumar, P. Mohan Anand

Published: 2019

Computers & Security

Detecting multi-stage attacks using sequence-to-sequence model

P. Zhou, G. Zhou, D. Wu, M. Fei

Published: 2021

Procedia Computer Science

A framework for fast and efficient cyber security network intrusion detection using apache spark

G. P. Gupta, M. Kulariya

Published: 2016

Procedia Computer Science

Performance evaluation of supervised machine learning algorithms for intrusion detection

M. C. Belavagi, B. Muniyal

Published: 2016

2017 IEEE International Symposium on Technologies for Homeland Security (HST)

Network attribute selection, classification and accuracy (nasca) procedure for intrusion detection systems

Z. Stefanova, K. Ramachandran

Published: 2017

2017 IEEE International Conference on Communications (ICC)

Detecting mobile botnets through machine learning and system calls analysis

V. G. da Costa, S. Barbon, R. S. Miani, J. J. Rodrigues, B. B. Zarpelao

Published: 2017

ICISSP - Proc. Int. Conf. Inf. Syst. Secur. Priv.

Characterization of tor traffic using time based features

A. Lashkari, G. Gil, M. Mamun, A. Ghorbani

Published: 2017

SoutheastCon 2017

Active learning intrusion detection using k-means clustering selection

S. McElwee

Published: 2017

2022 International Conference on IoT and Blockchain Technology (ICIBT)

A simple and robust approach of random forest for intrusion detection system in cyber security

M. Choubisa, R. Doshi, N. Khatri, K. K. Hiran

Published: 2022