08076830.pdf (9.07 MB)
0/0

Using pattern-of-life as contextual information for anomaly-based intrusion detection systems

Download (9.07 MB)
journal contribution
posted on 21.09.2017 by Francisco J. Aparicio-Navarro, Kostas Kyriakopoulos, Yu Gong, David J. Parish, Jonathon Chambers
As the complexity of cyber-attacks keeps increasing, new robust detection mechanisms need to be developed. The next generation of Intrusion Detection Systems (IDSs) should be able to adapt their detection characteristics based not only on the measureable network traffic, but also on the available high-level information related to the protected network. To this aim, we make use of the Pattern-of-Life (PoL) of a computer network as the main source of high-level information. We propose two novel approaches that make use of a Fuzzy Cognitive Map (FCM) to incorporate the PoL into the detection process. There are four main aims of the work. First, to evaluate the efficiency of the proposed approaches in identifying the presence of attacks. Second, to identify which of the proposed approaches to integrate FCM into the IDS framework produces the best results. Third, to identify which of the metrics used in the design of the FCM produces the best detection results. Fourth, to evidence the improved detection performance that contextual information can offer in IDSs. The results that we present verify that the proposed approaches improve the effectiveness of our IDS by reducing the total number of false alarms; providing almost perfect Detection Rate (i.e. 99.76%), and only 6.33% False Positive Rate, depending on the particular metric combination.

Funding

This work was supported by the Engineering and Physical Sciences Research Council (EPSRC) Grant number EP/K014307/2 and the MOD University Defence Research Collaboration in Signal Processing.

History

School

  • Mechanical, Electrical and Manufacturing Engineering

Published in

IEEE Access

Volume

5

Citation

APARICIO-NAVARRO, F.J. ... et al, 2017. Using pattern-of-life as contextual information for anomaly-based intrusion detection systems. IEEE Access, 5, pp. 22177-22193.

Publisher

IEEE

Version

VoR (Version of Record)

Publisher statement

This work is made available according to the conditions of the Creative Commons Attribution 3.0 Unported (CC BY 3.0) licence. Full details of this licence are available at: http://creativecommons.org/licenses/by/3.0/

Acceptance date

16/09/2017

Publication date

2017-10-20

Notes

This work is licensed under a Creative Commons Attribution 3.0 License. For more information, see http://creativecommons.org/licenses/by/3.0/.

ISSN

2169-3536

Language

en

Licence

Exports