A Novel Network user Behaviors and Profile Testing based on Anomaly Detection Techniques
The proliferation of smart devices and computer networks has led to a huge rise in internet traffic and network attacks that necessitate efficient network traffic monitoring. There have been many attempts to address these issues; however, agile detecting solutions are needed. This research work deal...
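Published in: | International journal of advanced computer science & applications 2019, Vol.10 (6) |
---|---|
Main authors: | Tahir, Muhammad; Li, Mingchu; Zheng, Xiao; Carie, Anil; Jin, Xing; Azhar, Muhammad; Ayoub, Naeem; Wagan, Atif; Aamir, Muhammad; Ali, Liaquat; Asif, Muhammad; Hussain, Zahid |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |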
container_end_page | |
---|---|
container_issue | 6 |
container_start_page | |
container_title | International journal of advanced computer science & applications |
container_volume | 10 |
creator | Tahir, Muhammad; Li, Mingchu; Zheng, Xiao; Carie, Anil; Jin, Xing; Azhar, Muhammad; Ayoub, Naeem; Wagan, Atif; Aamir, Muhammad; Ali, Liaquat; Asif, Muhammad; Hussain, Zahid |
description | The proliferation of smart devices and computer networks has led to a huge rise in internet traffic and network attacks that necessitate efficient network traffic monitoring. There have been many attempts to address these issues; however, agile detecting solutions are needed. This research work deals with the problem of malware infections, the detection of which is one of the most challenging tasks in modern computer security. In recent years, anomaly detection has been the first detection approach followed by results from other classifiers. Anomaly detection methods are typically designed to model normal user behaviors and then look for deviations from this model. However, anomaly detection techniques may suffer from a variety of problems, including missing validations for verification and a large number of false positives. This work proposes and describes a new profile-based method for identifying anomalous changes in network user behaviors. Profiles describe user behaviors from different perspectives using different flags. Each profile is composed of information about what the user has done over a period of time. The symptoms extracted in the profile cover a wide range of user actions and try to analyze different actions. Compared to other symptom anomaly detectors, the profiles offer a higher level of user experience. It is assumed that it is possible to look for anomalies using high-level symptoms while producing fewer false positives and still effectively finding real attacks. Also, the problem of obtaining truly tagged data for training anomaly detection algorithms has been addressed in this work. Datasets were designed and created that contain real normal user actions while the user is infected with real malware. These datasets were used to train and evaluate anomaly detection algorithms. The investigated algorithms include, for example, local outlier factor (LOF) and one-class support vector machine (SVM). The results show that the proposed anomaly-based and profile-based algorithm causes very few false positives and relatively high true positive detection. The two main contributions of this work are a new approach based on network anomaly detection and datasets containing a combination of genuine malware and actual user traffic. Finally, the future directions will focus on applying the proposed approaches for protecting Internet of Things (IoT) devices. |
doi_str_mv | 10.14569/IJACSA.2019.0100641 |
format | Article |
publisher | West Yorkshire: Science and Information (SAI) Organization Limited |
rights | 2019. This work is licensed under https://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. |
fulltext | fulltext |
identifier | ISSN: 2158-107X |
ispartof | International journal of advanced computer science & applications, 2019, Vol.10 (6) |
issn | 2158-107X 2156-5570 |
language | eng |
recordid | cdi_proquest_journals_2656385467 |
source | EZB-FREE-00999 freely available EZB journals |
subjects | Algorithms; Anomalies; Communications traffic; Computer networks; Cybersecurity; Data analysis; Datasets; Electronic devices; Internet of Things; Malware; Outliers (statistics); Support vector machines; User behavior; User experience |
title | A Novel Network user Behaviors and Profile Testing based on Anomaly Detection Techniques |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-17T07%3A31%3A55IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20Novel%20Network%20user%20Behaviors%20and%20Profile%20Testing%20based%20on%20Anomaly%20Detection%20Techniques&rft.jtitle=International%20journal%20of%20advanced%20computer%20science%20&%20applications&rft.au=Tahir,%20Muhammad&rft.date=2019&rft.volume=10&rft.issue=6&rft.issn=2158-107X&rft.eissn=2156-5570&rft_id=info:doi/10.14569/IJACSA.2019.0100641&rft_dat=%3Cproquest_cross%3E2656385467%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2656385467&rft_id=info:pmid/&rfr_iscdi=true |