Using the pattern-of-life in networks to improve the effectiveness of intrusion detection systems

2017 IEEE International Conference on Communications (ICC) Pub Date : 2017-07-31 DOI:10.1109/ICC.2017.7997374

Francisco J. Aparicio-Navarro, J. Chambers, K. Kyriakopoulos, Yu Gong, D. Parish

{"title":"Using the pattern-of-life in networks to improve the effectiveness of intrusion detection systems","authors":"Francisco J. Aparicio-Navarro, J. Chambers, K. Kyriakopoulos, Yu Gong, D. Parish","doi":"10.1109/ICC.2017.7997374","DOIUrl":null,"url":null,"abstract":"As the complexity of cyber-attacks keeps increasing, new and more robust detection mechanisms need to be developed. The next generation of Intrusion Detection Systems (IDSs) should be able to adapt their detection characteristics based not only on the measureable network traffic, but also on the available highlevel information related to the protected network to improve their detection results. We make use of the Pattern-of-Life (PoL) of a network as the main source of high-level information, which is correlated with the time of the day and the usage of the network resources. We propose the use of a Fuzzy Cognitive Map (FCM) to incorporate the PoL into the detection process. The main aim of this work is to evidence the improved the detection performance of an IDS using an FCM to leverage on network related contextual information. The results that we present verify that the proposed method improves the effectiveness of our IDS by reducing the total number of false alarms; providing an improvement of 9.68% when all the considered metrics are combined and a peak improvement of up to 35.64%, depending on particular metric combination.","PeriodicalId":6517,"journal":{"name":"2017 IEEE International Conference on Communications (ICC)","volume":"68 1","pages":"1-7"},"PeriodicalIF":0.0000,"publicationDate":"2017-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE International Conference on Communications (ICC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICC.2017.7997374","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 14

Abstract

As the complexity of cyber-attacks keeps increasing, new and more robust detection mechanisms need to be developed. The next generation of Intrusion Detection Systems (IDSs) should be able to adapt their detection characteristics based not only on the measureable network traffic, but also on the available highlevel information related to the protected network to improve their detection results. We make use of the Pattern-of-Life (PoL) of a network as the main source of high-level information, which is correlated with the time of the day and the usage of the network resources. We propose the use of a Fuzzy Cognitive Map (FCM) to incorporate the PoL into the detection process. The main aim of this work is to evidence the improved the detection performance of an IDS using an FCM to leverage on network related contextual information. The results that we present verify that the proposed method improves the effectiveness of our IDS by reducing the total number of false alarms; providing an improvement of 9.68% when all the considered metrics are combined and a peak improvement of up to 35.64%, depending on particular metric combination.

查看原文本刊更多论文

利用网络生命模式提高入侵检测系统的有效性

随着网络攻击的复杂性不断增加，需要开发新的、更强大的检测机制。下一代入侵检测系统(ids)不仅要能够根据可测量的网络流量，而且要能够根据与被保护网络相关的可用高层信息来调整其检测特性，以提高检测结果。我们利用网络的生活模式(Pattern-of-Life, PoL)作为高级信息的主要来源，这些信息与一天中的时间和网络资源的使用情况相关。我们建议使用模糊认知图(FCM)将PoL纳入检测过程。这项工作的主要目的是证明使用FCM利用网络相关上下文信息提高了IDS的检测性能。我们提出的结果验证了所提出的方法通过减少误报总数来提高IDS的有效性;当所有考虑的指标组合在一起时，提供9.68%的改进，峰值改进高达35.64%，具体取决于特定的指标组合。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 IEEE International Conference on Communications (ICC)

自引率

0.00%

发文量