Netspot: a simple Intrusion Detection System with statistical learning

Cited by: 4
Authors
Siffer, Alban [1]
Fouque, Pierre-Alain [2]
Termier, Alexandre [3]
Largouet, Christine [4]
Affiliations
[1] Univ Rennes, IRISA, CNRS, Amossys, Rennes, France
[2] Univ Rennes, IRISA, CNRS, Rennes, France
[3] Univ Rennes, IRISA, CNRS, INRIA, Rennes, France
[4] CNRS, IRISA, INRIA, AgroCampus Ouest, Rennes, France
Source
2020 IEEE 19TH INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2020) | 2020
Keywords
Network security; Intrusion detection systems; Statistical Learning;
DOI
10.1109/TrustCom50675.2020.00122
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812 ;
Abstract
Machine learning is nowadays increasingly used in cyber-security. While intrusion detection was mainly based on human expertise in the 1990s, learning models to predict attacks are now built from data. However, a large part of the learning algorithms developed so far has missed real-world issues, making them impractical. Indeed, many supervised algorithms described in the literature have been trained and tuned only on the KDD99 dataset. Besides, these algorithms are often static and are unable to automatically adapt for detecting attacks depending on the network traffic. Consequently, we are far from detecting zero-day or more general Advanced Persistent Threats (APT) since only pre-registered and well-characterized attacks can be caught. Some recent systems use unsupervised ML algorithms, but the resulting tools are overly complex: many ML components are stacked with various tuning parameters, usually making the results hard to interpret. And finally, strong ML/DM expertise is required to set up these systems on real networks. We present netspot, a very simple network intrusion detection system (NIDS) powered by SPOT, a recent streaming statistical anomaly detector. This statistical test uses Extreme Value Theory, which is a powerful method for detecting anomalies. Unlike all the previous works, it is not an end-to-end solution aiming to detect all cyber-attacks with packet resolution. It is rather a module providing behavioral information which can be integrated into a more general monitoring system. netspot is simple: it has few (simple) parameters, it adapts over time to the monitored network and it is as fast as current rule-based methods. But most importantly, it is able to detect real-world cyber-attacks, making it a credible practical anomaly-based NIDS.
Pages: 912 / 919
Number of pages: 8