Toward a reliable anomaly-based intrusion detection in real-world environments

A popular approach for detecting network intrusion attempts is to monitor the network traffic for anomalies. Extensive research effort has been invested in anomaly-based network intrusion detection using machine learning techniques; however, in general these techniques remain a research topic, rarely being used in real-world environments. In general, the approaches proposed in the literature lack representative datasets and reliable evaluation methods that consider real-world network properties during the system evaluation. In general, the approaches adopt a set of assumptions about the training data, as well as about the validation methods, rendering the created system unreliable for open-world usage. This paper presents a new method for creating intrusion databases. The objective is that the databases should be easy to update and reproduce with real and valid traffic, representative, and publicly available. Using our proposed method, we propose a new evaluation scheme specific to the machine learning intrusion detection field. Sixteen intrusion databases were created, and each of the assumptions frequently adopted in studies in the intrusion detection literature regarding network traffic behavior was validated. To make machine learning detection schemes feasible, we propose a new multi-objective feature selection method that considers real-world network properties. The results show that most of the assumptions frequently applied in studies in the literature do not hold when using a machine learning detection scheme for network-based intrusion detection. However, the proposed multi-objective feature selection method allows the system accuracy to be improved by considering real-world network properties during the model creation process.

Full description

Bibliographic details
Published in: Computer networks (Amsterdam, Netherlands : 1999), 2017-11, Vol.127, p.200-216
Main authors: Viegas, Eduardo K., Santin, Altair O., Oliveira, Luiz S.
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page 216
container_issue
container_start_page 200
container_title Computer networks (Amsterdam, Netherlands : 1999)
container_volume 127
creator Viegas, Eduardo K.
Santin, Altair O.
Oliveira, Luiz S.
description A popular approach for detecting network intrusion attempts is to monitor the network traffic for anomalies. Extensive research effort has been invested in anomaly-based network intrusion detection using machine learning techniques; however, in general these techniques remain a research topic, rarely being used in real-world environments. In general, the approaches proposed in the literature lack representative datasets and reliable evaluation methods that consider real-world network properties during the system evaluation. In general, the approaches adopt a set of assumptions about the training data, as well as about the validation methods, rendering the created system unreliable for open-world usage. This paper presents a new method for creating intrusion databases. The objective is that the databases should be easy to update and reproduce with real and valid traffic, representative, and publicly available. Using our proposed method, we propose a new evaluation scheme specific to the machine learning intrusion detection field. Sixteen intrusion databases were created, and each of the assumptions frequently adopted in studies in the intrusion detection literature regarding network traffic behavior was validated. To make machine learning detection schemes feasible, we propose a new multi-objective feature selection method that considers real-world network properties. The results show that most of the assumptions frequently applied in studies in the literature do not hold when using a machine learning detection scheme for network-based intrusion detection. However, the proposed multi-objective feature selection method allows the system accuracy to be improved by considering real-world network properties during the model creation process.
doi_str_mv 10.1016/j.comnet.2017.08.013
format Article
fulltext fulltext
identifier ISSN: 1389-1286
ispartof Computer networks (Amsterdam, Netherlands : 1999), 2017-11, Vol.127, p.200-216
issn 1389-1286
1872-7069
language eng
recordid cdi_proquest_journals_1972271381
source Access via ScienceDirect (Elsevier)
subjects Anomaly-based classifier
Artificial intelligence
Communications traffic
Cybersecurity
Feature selection
Intrusion databases
Intrusion detection systems
Machine learning
Machine learning-based intrusion detection
Multi-objective feature selection
Properties (attributes)
Traffic flow
title Toward a reliable anomaly-based intrusion detection in real-world environments
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-22T10%3A27%3A25IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Toward%20a%20reliable%20anomaly-based%20intrusion%20detection%20in%20real-world%20environments&rft.jtitle=Computer%20networks%20(Amsterdam,%20Netherlands%20:%201999)&rft.au=Viegas,%20Eduardo%20K.&rft.date=2017-11-09&rft.volume=127&rft.spage=200&rft.epage=216&rft.pages=200-216&rft.issn=1389-1286&rft.eissn=1872-7069&rft_id=info:doi/10.1016/j.comnet.2017.08.013&rft_dat=%3Cproquest_cross%3E1972271381%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1972271381&rft_id=info:pmid/&rft_els_id=S1389128617303225&rfr_iscdi=true