A training-resistant anomaly detection system

Modern network intrusion detection systems rely on machine learning techniques to detect traffic anomalies and thus intruders. However, the ability to learn the network behaviour in real-time comes at a cost: malicious software can interfere with the learning process, and teach the intrusion detecti...

Bibliographic details
Published in: Computers & security 2018-07, Vol.76, p.1-11
Main authors: Muller, Steve, Lancrenon, Jean, Harpes, Carlo, Le Traon, Yves, Gombault, Sylvain, Bonnin, Jean-Marie
Format: Article
Language: eng
Online access: Full text
container_end_page 11
container_issue
container_start_page 1
container_title Computers & security
container_volume 76
creator Muller, Steve
Lancrenon, Jean
Harpes, Carlo
Le Traon, Yves
Gombault, Sylvain
Bonnin, Jean-Marie
description Modern network intrusion detection systems rely on machine learning techniques to detect traffic anomalies and thus intruders. However, the ability to learn the network behaviour in real-time comes at a cost: malicious software can interfere with the learning process, and teach the intrusion detection system to accept dangerous traffic. This paper presents an intrusion detection system (IDS) that is able to detect common network attacks including, but not limited to, denial-of-service, bot nets, intrusions, and network scans. With the help of the proposed example IDS, we show to what extent the training attack (and more sophisticated variants of it) has an impact on machine learning based detection schemes, and how it can be detected.
doi_str_mv 10.1016/j.cose.2018.02.015
format Article
fulltext fulltext
identifier ISSN: 0167-4048
ispartof Computers & security, 2018-07, Vol.76, p.1-11
issn 0167-4048
1872-6208
language eng
recordid cdi_hal_primary_oai_HAL_hal_01836374v1
source Elsevier ScienceDirect Journals
subjects Anomalies
Anomaly detection
Artificial intelligence
Computer Science
Cryptography and Security
Cybersecurity
Intrusion detection system
Intrusion detection systems
Machine learning
Malware
Network security
Studies
Training attack
title A training-resistant anomaly detection system
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-09T10%3A27%3A15IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_hal_p&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20training-resistant%20anomaly%20detection%20system&rft.jtitle=Computers%20&%20security&rft.au=Muller,%20Steve&rft.date=2018-07&rft.volume=76&rft.spage=1&rft.epage=11&rft.pages=1-11&rft.issn=0167-4048&rft.eissn=1872-6208&rft_id=info:doi/10.1016/j.cose.2018.02.015&rft_dat=%3Cproquest_hal_p%3E2094501554%3C/proquest_hal_p%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2094501554&rft_id=info:pmid/&rft_els_id=S016740481830155X&rfr_iscdi=true