A training-resistant anomaly detection system

Bibliographic details
Published in: Computers & security 2018-07, Vol. 76, p. 1-11
Main authors: Muller, Steve; Lancrenon, Jean; Harpes, Carlo; Le Traon, Yves; Gombault, Sylvain; Bonnin, Jean-Marie
Format: Article
Language: English
Description
Summary: Modern network intrusion detection systems rely on machine learning techniques to detect traffic anomalies and thus intruders. However, the ability to learn the network behaviour in real-time comes at a cost: malicious software can interfere with the learning process, and teach the intrusion detection system to accept dangerous traffic. This paper presents an intrusion detection system (IDS) that is able to detect common network attacks including, but not limited to, denial-of-service, botnets, intrusions, and network scans. With the help of the proposed example IDS, we show to what extent the training attack (and more sophisticated variants of it) has an impact on machine learning based detection schemes, and how it can be detected.
ISSN: 0167-4048, 1872-6208
DOI: 10.1016/j.cose.2018.02.015