Loughborough University

Loughborough University Institutional Repository

Please use this identifier to cite or link to this item: https://dspace.lboro.ac.uk/2134/26600

Title: Using pattern-of-life as contextual information for anomaly-based intrusion detection systems
Authors: Aparicio-Navarro, Francisco J.
Kyriakopoulos, Konstantinos G.
Gong, Yu
Parish, David J.
Chambers, Jonathon
Keywords: Basic probability assignment
Contextual information
Dempster-Shafer theory
Fuzzy cognitive maps
Intrusion detection systems
Network security
Port scanning attack
Issue Date: 2017
Publisher: IEEE
Citation: APARICIO-NAVARRO, F.J. ... et al, 2017. Using pattern-of-life as contextual information for anomaly-based intrusion detection systems. IEEE Access, 5, pp. 22177-22193.
Abstract: As the complexity of cyber-attacks keeps increasing, new robust detection mechanisms need to be developed. The next generation of Intrusion Detection Systems (IDSs) should be able to adapt their detection characteristics based not only on the measurable network traffic, but also on the available high-level information related to the protected network. To this aim, we make use of the Pattern-of-Life (PoL) of a computer network as the main source of high-level information. We propose two novel approaches that make use of a Fuzzy Cognitive Map (FCM) to incorporate the PoL into the detection process. There are four main aims of the work. First, to evaluate the efficiency of the proposed approaches in identifying the presence of attacks. Second, to identify which of the proposed approaches to integrate FCM into the IDS framework produces the best results. Third, to identify which of the metrics used in the design of the FCM produces the best detection results. Fourth, to evidence the improved detection performance that contextual information can offer in IDSs. The results that we present verify that the proposed approaches improve the effectiveness of our IDS by reducing the total number of false alarms; providing almost perfect Detection Rate (i.e. 99.76%), and only 6.33% False Positive Rate, depending on the particular metric combination.
Description: This work is licensed under a Creative Commons Attribution 3.0 License. For more information, see http://creativecommons.org/licenses/by/3.0/.
Sponsor: This work was supported by the Engineering and Physical Sciences Research Council (EPSRC) Grant number EP/K014307/2 and the MOD University Defence Research Collaboration in Signal Processing.
Version: Published
DOI: 10.1109/ACCESS.2017.2762162
URI: https://dspace.lboro.ac.uk/2134/26600
Publisher Link: https://doi.org/10.1109/ACCESS.2017.2762162
ISSN: 2169-3536
Appears in Collections: Published Articles (Mechanical, Electrical and Manufacturing Engineering)

Files associated with this item:

File: 08076830.pdf
Description: Published version
Size: 9.28 MB
Format: Adobe PDF

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.