+44 (0)1509 263171
Please use this identifier to cite or link to this item:
|Title: ||Using pattern-of-life as contextual information for anomaly-based intrusion detection systems|
|Authors: ||Aparicio-Navarro, Francisco J.|
Kyriakopoulos, Konstantinos G.
Parish, David J.
|Keywords: ||Basic probability assignment|
Fuzzy cognitive maps
Intrusion detection systems
Port scanning attack
|Issue Date: ||2017|
|Citation: ||APARICIO-NAVARRO, F.J. ... et al, 2017. Using pattern-of-life as contextual information for anomaly-based intrusion detection systems. IEEE Access, In Press, doi: 10.1109/ACCESS.2017.2762162|
|Abstract: ||As the complexity of cyber-attacks keeps increasing, new robust detection mechanisms need to be developed. The next generation of Intrusion Detection Systems (IDSs) should be able to adapt their detection characteristics based not only on the measureable network traffic, but also on the available high-level information related to the protected network. To this aim, we make use of the Pattern-of-Life (PoL) of a computer network as the main source of high-level information. We propose two novel approaches that make use of a Fuzzy Cognitive Map (FCM) to incorporate the PoL into the detection process. There are four main aims of the work. First, to evaluate the efficiency of the proposed approaches in identifying the presence of attacks. Second, to identify which of the proposed approaches to integrate FCM into the IDS framework produces the best results. Third, to identify which of the metrics used in the design of the FCM produces the best detection results. Fourth, to evidence the improved detection performance that contextual information can offer in IDSs. The results that we present verify that the proposed approaches improve the effectiveness of our IDS by reducing the total number of false alarms; providing almost perfect Detection Rate (i.e. 99.76%), and only 6.33% False Positive Rate, depending on the particular metric combination.|
|Description: ||This work is licensed under a Creative Commons Attribution 3.0 License. For more information, see http://creativecommons.org/licenses/by/3.0/.|
|Sponsor: ||This work was supported by the Engineering and Physical Sciences Research Council (EPSRC) Grant number EP/K014307/2 and the MOD University Defence Research Collaboration in Signal Processing.|
|Version: ||Accepted for publication|
|Publisher Link: ||https://doi.org/10.1109/ACCESS.2017.2762162|
|Appears in Collections:||Published Articles (Mechanical, Electrical and Manufacturing Engineering)|
Files associated with this item:
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.