Anomaly-based approaches in network intrusion detection suffer from difficulties in evaluation, comparison and deployment that originate from the scarcity of adequate publicly available network trace datasets. Also, publicly available datasets are either outdated or generated in a controlled environment. Due to the ubiquity of cloud computing environments in commercial and government internet services, there is a need to assess the impacts of network attacks in cloud data centers. To the best of our knowledge, there is no publicly available dataset which captures the normal and anomalous network traces in the interactions between cloud users and cloud data centers. In this paper, we present an experimental platform designed to represent a practical interaction between cloud users and cloud services, and we collect the network traces resulting from this interaction to conduct anomaly detection. We use the Amazon Web Services (AWS) platform for conducting our experiments.
In this paper, we consider a cost-based extension of intrusion detection capability (CID). An objective metric motivated by information theory is presented, and based on this formulation a package for computing the intrusion detection capability of an intrusion detection system (IDS), given certain input parameters, is developed in Java. In order to determine the expected cost at each IDS operating point, the decision tree method of analysis is employed, and plots of expected cost and intrusion detection capability against false positive rate were generated. The point of intersection between the maximum intrusion detection capability and the expected cost is selected as the optimal operating point. Considering an IDS in the context of its intrinsic ability to detect intrusions at the least expected cost, the findings revealed that the optimal operating point is the most suitable for the given IDS. The cost-based extension is used to select the optimal operating point, calculate the expected cost, and compare two actual intrusion detectors. The proposed cost-based extension of intrusion detection capability will be very useful to information technology (IT) and telecommunication firms and to financial institutions for making proper decisions when evaluating the suitability of an IDS for a specific operational environment.
This survey aims to deliver an extensive and well-constructed overview of using machine learning for the problem of detecting anomalies in streaming datasets. The objective is to demonstrate the effectiveness of using Hoeffding Trees as a machine learning solution for the problem of detecting anomalies in streaming cyber datasets. In this survey we categorize the existing research works on Hoeffding Trees that are feasible for this type of study into the following: distributed Hoeffding Trees, ensembles of Hoeffding Trees, and existing techniques using Hoeffding Trees for anomaly detection. These categories are referred to as compositions within this paper and were selected based on their relation to streaming data and the flexibility of their techniques for use within different domains of streaming data. We discuss how combining the techniques of the surveyed research works within these compositions can be used to address the anomaly detection problem in streaming cyber datasets. The goal is to show how a combination of techniques from different compositions can solve a prominent problem, anomaly detection.
Mobile Ad-Hoc Networks (MANETs) are highly vulnerable to insider jamming attacks. Several approaches to detect insider jammers in MANETs have been proposed. However, once an insider jammer is detected and removed from the network, it is possible for the insider jammer to leverage its insider knowledge to launch a future attack. In this paper, we focus on collaborative smart jamming attacks, where attackers who have been detected as insider jammers in a MANET return to attack the MANET based on the knowledge learned. The MANET uses a reputation-based coalition game to detect insider jammers. In the collaborative smart jamming attack, two or more smart jammers form a coalition to attack the coalitions in the MANET. The smart jammers, having been detected and excluded from their initial coalition, regroup to start their own coalition and share previously gained knowledge about legitimate nodes in their erstwhile coalition, with the aim of achieving a highly coordinated and successful jamming attack on the legitimate coalition. The success of the attack largely depends on the insider jammers' collective knowledge about the MANET. We present a technique to appropriately represent the knowledge gathered by insider jammers that would lead to a successful attack. Simulation results in NS2 show that a coalition of jammers can leverage past knowledge to successfully attack a MANET.