Unsupervised network intrusion detection systems for zero-day fast-spreading network attacks and botnets
Today, the occurrence of zero-day and complex attacks in high-speed networks
is increasingly common due to the high number vulnerabilities in the cyber
world. As a result, intrusions become more sophisticated and fast to
detrimental the networks and hosts. Due to these reasons real-time monitoring,
processing and intrusion detection are now among the key features of NIDS.
Traditional types of intrusion detection systems such as signature base IDS are
not able detect intrusions with new and complex strategies. Now days,
automatic traffic analysis and anomaly intrusion detection became more
efficient in field of network security however they suffer from high number of
false alarms. Among all type of anomaly detection methods unsupervised
machine-learning techniques are commonly applied in NIDS to detect unknown
and complex attacks in the network without any prior knowledge. This
dissertation manly focuses on analyzing network traffic to find abnormal
behavior in real time. The proposed framework consists of network traffic
preprocessing, anomaly detection and clustering methods. The proposed
framework is capable of generating meaningful reports related to the detection
of real intrusions in well-known datasets. Unsupervised learning methods are
capable of adapting their required features to the dynamically behavior of the
network. Due to unfeasibility of payloads checking in high-speed network the
proposed framework monitors network flows instead. Network flow contains
the behavior of the network in higher extensive vision and shows the
explicitness of the network data, which results in faster and higher detection
rate of network attacks. This research shows that by using proper data
preprocessing and unsupervised data analyzing methods it is possible to detect
fast and complex zero days (new) attack in real time. The practical experiments
are presented in the included articles.
...
Julkaisija
University of JyväskyläISBN
978-951-39-6452-8ISSN Hae Julkaisufoorumista
1456-5390Julkaisuun sisältyy osajulkaisuja
- Article I: Etemad, F. F. & Amoli, P. V. 2012. Real-time Botnet command and control characterization at the host level. Telecommunications (IST), 2012 Sixth International Symposium on. Tehran, Iran: IEEE, 1005-1009.>DOI: 10.1109/ISTEL.2012.6483133
- Article II: Amoli, P. V. & Hämäläinen, T. 2013. A real time unsupervised NIDS for detecting unknown and encrypted network attacks in high speed network. Measurements and Networking Proceedings (M&N), 2013 IEEE International Workshop on. Naples, Italy: IEEE, 149-154. DOI: 10.1109/IWMN.2013.6663794
- Article III: Hosseinpour, F., Ramadass, S., Meulenberg, A., Amoli, P. V. & Moghaddasi, Z. 2013. Distributed Agent Based Model for Intrusion Detection System Based on Artificial Immune System. International Journal of Digital Content Technology and its Applications (JDCTA) 7(9), 206-214. 10.4156/jdcta.vol7.issue9.26
- Article IV: Hosseinpour, F., Amoli, P. V., Farahnakian, F., Plosila, J. & Hämäläinen, T. 2014. Artificial Immune System Based Intrusion Detection: Innate Immunity using an Unsupervised Learning Approach. International Journal of Digital Content Technology and its Applications (JDCTA) 8(5), 1-12.
- Article V:. Amoli, P. V., Hämäläinen, T., David, G., Zolotukhin, M. & Mirzamohammad, M. (Accepted Nov/2015). Unsupervised Network Intrusion Detection Systems for Zero-Day Fast-Spreading Attacks and Botnets. International Journal of Digital Content Technology and its Applications (JDCTA)
Asiasanat
Metadata
Näytä kaikki kuvailutiedotKokoelmat
- Väitöskirjat [3598]
Lisenssi
Samankaltainen aineisto
Näytetään aineistoja, joilla on samankaltainen nimeke tai asiasanat.
-
On data mining applications in mobile networking and network security
Zolotukhin, Mikhail (University of Jyväskylä, 2014) -
Intrusion detection applications using knowledge discovery and data mining
Juvonen, Antti (University of Jyväskylä, 2014) -
Anomaly-based online intrusion detection system as a sensor for cyber security situational awareness system
Kokkonen, Tero (University of Jyväskylä, 2016)Almost all the organisations and even individuals rely on complex structures of data networks and networked computer systems. That complex data ensemble, the cyber domain, provides great opportunities, but at the same ... -
On Attacking Future 5G Networks with Adversarial Examples : Survey
Zolotukhin, Mikhail; Zhang, Di; Hämäläinen, Timo; Miraghaei, Parsa (MDPI AG, 2023)The introduction of 5G technology along with the exponential growth in connected devices is expected to cause a challenge for the efficient and reliable network resource allocation. Network providers are now required to ... -
UInDeSI4.0 : An efficient Unsupervised Intrusion Detection System for network traffic flow in Industry 4.0 ecosystem
Shukla, Amit, K.; Srivastav, Shubham; Kumar, Sandeep; Muhuri, Pranab, K. (Elsevier BV, 2023)In an Industry 4.0 ecosystem, all the essential components are digitally interconnected, and automation is integrated for higher productivity. However, it invites the risk of increasing cyber-attacks amid the current cyber ...
Ellei toisin mainittu, julkisesti saatavilla olevia JYX-metatietoja (poislukien tiivistelmät) saa vapaasti uudelleenkäyttää CC0-lisenssillä.