Host-Level Anomaly-Based Intrusion Detection System using Rankings for Cybersecurity
Date
2020-03
Authors
Parres-Peredo, Álvaro
Publisher
ITESO
Abstract
In computer systems and networks, security is a research area in constant evolution. Ever since Anderson proposed an intrusion detection system, many researchers have directed their work toward detecting both known and unknown attacks with the highest possible precision.
This work starts with a general overview of intrusion detection systems and the challenges they face in computer network security. It then reviews state-of-the-art research on anomaly-based intrusion detection systems, which are intended to detect new types of attacks.
Anomaly-based intrusion detection systems use profiles to characterize the expected behavior of network users. Most of these systems build a single profile that characterizes the traffic of the entire network.
This work proposes a user-level anomaly-based intrusion detection methodology that uses only the network traffic observed at the host. The proposed profile is a collection of Top-K rankings of the services reached by the user. To detect unexpected behavior, real-time traffic is organized into Top-K rankings and compared with the profile using similarity measures. The resulting similarity values are passed through a moving-average filter that computes a predominant behavior, and this value determines whether the user's current behavior is expected or not.
The experiments showed that the proposed methodology detected a particular kind of malware attack for every user tested.
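The ranking-and-smoothing pipeline described in the abstract, as an added illustrative example in Python (this is not code from the thesis): one host's traffic is bucketed per time window into counts of reached services (dst_ip:dst_port), each window becomes a Top-K ranking, the profile is the collection of rankings from baseline windows, each live window's ranking is scored against the profile, and the scores are smoothed with a moving average before thresholding. The similarity measure (average prefix overlap), the choice of the best-matching profile ranking, K=4, a 3-window filter, the 0.6 threshold, the service names and all traffic counts are assumptions constructed for the example; the abstract does not name the measures or parameters the thesis uses.

```python
"""Top-K ranking profile for one host's outbound traffic, with a moving-average
anomaly decision. Illustrative example; the similarity measure, K, filter
length, threshold and traffic counts are assumptions, not the thesis's."""


def topk_ranking(service_counts, k):
    """Rank services (dst_ip:dst_port) by flow count, most-reached first.
    Ties are broken by name so rankings are deterministic."""
    ordered = sorted(service_counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [service for service, _ in ordered[:k]]


def build_profile(windows, k):
    """The profile is a collection of Top-K rankings, one per baseline window."""
    return [topk_ranking(w, k) for w in windows]


def avg_prefix_overlap(rank_a, rank_b):
    """Rank-aware similarity in [0, 1]: the average, over depths 1..K, of the
    fraction of the top-d services shared by both rankings. Disagreement at
    the head of the rankings is penalised at every depth, so it weighs more
    than disagreement at the tail. (Assumed measure.)"""
    depth = max(len(rank_a), len(rank_b))
    if depth == 0:
        return 1.0
    total = 0.0
    for d in range(1, depth + 1):
        shared = set(rank_a[:d]) & set(rank_b[:d])
        total += len(shared) / d
    return total / depth


def profile_similarity(profile, ranking):
    """Best match of a live ranking against any ranking in the profile
    (assumption: a user may have several legitimate modes of behaviour)."""
    return max(avg_prefix_overlap(p, ranking) for p in profile)


def moving_average(values, n):
    """Mean of the last n similarity values (fewer while warming up)."""
    recent = values[-n:]
    return sum(recent) / len(recent)


def detect(profile, live_windows, k, n, threshold):
    """One (similarity, predominant_behaviour, is_anomalous) triple per live
    window. A window is flagged only when the smoothed value drops below the
    threshold, so one odd window does not raise an alert by itself."""
    sims, results = [], []
    for w in live_windows:
        sims.append(profile_similarity(profile, topk_ranking(w, k)))
        predominant = moving_average(sims, n)
        results.append((sims[-1], predominant, predominant < threshold))
    return results


# Constructed per-window service counts for one host (not captured data).
DNS, NTP = "10.0.0.53:53", "10.0.0.5:123"
WEB_A, WEB_B, WEB_C = "203.0.113.10:443", "203.0.113.20:443", "198.51.100.7:443"
C2_A, C2_B = "192.0.2.66:8443", "192.0.2.66:80"   # hypothetical beacon targets

BASELINE_WINDOWS = [
    {DNS: 40, WEB_A: 25, WEB_B: 12, NTP: 4, WEB_C: 2},
    {DNS: 38, WEB_A: 20, WEB_B: 15, WEB_C: 6, NTP: 4},
    {DNS: 42, WEB_B: 22, WEB_A: 18, NTP: 5, WEB_C: 3},
]
LIVE_WINDOWS = [
    {DNS: 39, WEB_A: 24, WEB_B: 14, NTP: 4, WEB_C: 1},       # normal
    {DNS: 41, WEB_B: 21, WEB_A: 19, WEB_C: 5, NTP: 4},       # normal
    {C2_A: 120, C2_B: 60, DNS: 35, WEB_A: 20, WEB_B: 10},    # beaconing starts
    {C2_A: 130, C2_B: 55, DNS: 30, WEB_B: 12, WEB_A: 8},     # beaconing continues
]

K, N, THRESHOLD = 4, 3, 0.6   # assumed parameters


def run_example():
    """Score the constructed live windows against the constructed baseline."""
    profile = build_profile(BASELINE_WINDOWS, K)
    return detect(profile, LIVE_WINDOWS, K, N, THRESHOLD)


if __name__ == "__main__":
    for i, (sim, avg, flagged) in enumerate(run_example(), 1):
        print(f"window {i}: similarity={sim:.3f} predominant={avg:.3f} "
              f"{'ANOMALY' if flagged else 'ok'}")
```

In this run the first beaconing window already scores far below the baseline (the two C2 services push every profiled service out of the top two positions), but the smoothed value only crosses the threshold on the following window. That lag is the price of the moving-average filter: it suppresses alerts on a single unusual window at the cost of delaying detection by up to N-1 windows, and N and the threshold have to be tuned per deployment with that trade-off in mind. Two practical cautions apply to any profile of this kind: the baseline windows must come from traffic known to be clean, or the malware's own services become part of the expected behaviour, and service identifiers must be canonicalised (for example, resolving load-balanced addresses to one name) or legitimate rotation will look like drift.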
Keywords
Cybersecurity, Computer Network, Intrusion Detection Systems, IDS, Anomaly-Based
Citation
Parres-Peredo, A. (2020). Host-Level Anomaly-Based Intrusion Detection System using Rankings for Cybersecurity. Doctoral thesis, Doctorado en Ciencias de la Ingeniería. Tlaquepaque, Jalisco: ITESO.