Visible to the public Biblio

Found 163 results

Filters: Keyword is anomaly detection  [Clear All Filters]
2020-09-18
Rasapour, Farhad, Serra, Edoardo, Mehrpouyan, Hoda.  2019.  Framework for Detecting Control Command Injection Attacks on Industrial Control Systems (ICS). 2019 Seventh International Symposium on Computing and Networking (CANDAR). :211—217.
This paper focuses on the design and development of attack models on the sensory channels and an Intrusion Detection system (IDS) to protect the system from these types of attacks. The encoding/decoding formulas are defined to inject a bit of data into the sensory channel. In addition, a signal sampling technique is utilized for feature extraction. Further, an IDS framework is proposed to reside on the devices that are connected to the sensory channels to actively monitor the signals for anomaly detection. The results obtained based on our experiments have shown that the one-class SVM paired with Fourier transformation was able to detect new or Zero-day attacks.
2020-09-04
Chatterjee, Urbi, Santikellur, Pranesh, Sadhukhan, Rajat, Govindan, Vidya, Mukhopadhyay, Debdeep, Chakraborty, Rajat Subhra.  2019.  United We Stand: A Threshold Signature Scheme for Identifying Outliers in PLCs. 2019 56th ACM/IEEE Design Automation Conference (DAC). :1—2.
This work proposes a scheme to detect, isolate and mitigate malicious disruption of electro-mechanical processes in legacy PLCs where each PLC works as a finite state machine (FSM) and goes through predefined states depending on the control flow of the programs and input-output mechanism. The scheme generates a group-signature for a particular state combining the signature shares from each of these PLCs using \$(k,\textbackslashtextbackslash l)\$-threshold signature scheme.If some of them are affected by the malicious code, signature can be verified by k out of l uncorrupted PLCs and can be used to detect the corrupted PLCs and the compromised state. We use OpenPLC software to simulate Legacy PLC system on Raspberry Pi and show İ/O\$ pin configuration attack on digital and pulse width modulation (PWM) pins. We describe the protocol using a small prototype of five instances of legacy PLCs simultaneously running on OpenPLC software. We show that when our proposed protocol is deployed, the aforementioned attacks get successfully detected and the controller takes corrective measures. This work has been developed as a part of the problem statement given in the Cyber Security Awareness Week-2017 competition.
2020-08-24
Maksuti, Silia, Schluga, Oliver, Settanni, Giuseppe, Tauber, Markus, Delsing, Jerker.  2019.  Self-Adaptation Applied to MQTT via a Generic Autonomic Management Framework. 2019 IEEE International Conference on Industrial Technology (ICIT). :1179–1185.
Manufacturing enterprises are constantly exploring new ways to improve their own production processes to address the increasing demand of customized production. However, such enterprises show a low degree of flexibility, which mainly results from the need to configure new production equipment at design and run time. In this paper we propose self-adaptation as an approach to improve data transmission flexibility in Industry 4.0 environments. We implement an autonomic manager using a generic autonomic management framework, which applies the most appropriate data transmission configuration based on security and business process related requirements, such as performance. The experimental evaluation is carried out in a MQTT infrastructure and the results show that using self-adaptation can significantly improve the trade-off between security and performance. We then propose to integrate anomaly detection methods as a solution to support self-adaptation by monitoring and learning the normal behavior of an industrial system and show how this can be used by the generic autonomic management framework.
Renners, Leonard, Heine, Felix, Kleiner, Carsten, Rodosek, Gabi Dreo.  2019.  Adaptive and Intelligible Prioritization for Network Security Incidents. 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). :1–8.
Incident prioritization is nowadays a part of many approaches and tools for network security and risk management. However, the dynamic nature of the problem domain is often unaccounted for. That is, the prioritization is typically based on a set of static calculations, which are rarely adjusted. As a result, incidents are incorrectly prioritized, leading to an increased and misplaced effort in the incident response. A higher degree of automation could help to address this problem. In this paper, we explicitly consider flaws in the prioritization an unalterable circumstance. We propose an adaptive incident prioritization, which allows to automate certain tasks for the prioritization model management in order to continuously assess and improve a prioritization model. At the same time, we acknowledge the human analyst as the focal point and propose to keep the human in the loop, among others by treating understandability as a crucial requirement.
2020-08-17
Paudel, Ramesh, Muncy, Timothy, Eberle, William.  2019.  Detecting DoS Attack in Smart Home IoT Devices Using a Graph-Based Approach. 2019 IEEE International Conference on Big Data (Big Data). :5249–5258.
The use of the Internet of Things (IoT) devices has surged in recent years. However, due to the lack of substantial security, IoT devices are vulnerable to cyber-attacks like Denial-of-Service (DoS) attacks. Most of the current security solutions are either computationally expensive or unscalable as they require known attack signatures or full packet inspection. In this paper, we introduce a novel Graph-based Outlier Detection in Internet of Things (GODIT) approach that (i) represents smart home IoT traffic as a real-time graph stream, (ii) efficiently processes graph data, and (iii) detects DoS attack in real-time. The experimental results on real-world data collected from IoT-equipped smart home show that GODIT is more effective than the traditional machine learning approaches, and is able to outperform current graph-stream anomaly detection approaches.
2020-08-07
Liu, Donglan, Zhang, Hao, Yu, Hao, Liu, Xin, Zhao, Yong, Lv, Guodong.  2019.  Research and Application of APT Attack Defense and Detection Technology Based on Big Data Technology. 2019 IEEE 9th International Conference on Electronics Information and Emergency Communication (ICEIEC). :1—4.
In order to excavate security threats in power grid by making full use of heterogeneous data sources in power information system, this paper proposes APT (Advanced Persistent Threat) attack detection sandbox technology and active defense system based on big data analysis technology. First, the file is restored from the mirror traffic and executed statically. Then, sandbox execution was carried out to introduce analysis samples into controllable virtual environment, and dynamic analysis and operation samples were conducted. Through analyzing the dynamic processing process of samples, various known and unknown malicious code, APT attacks, high-risk Trojan horses and other network security risks were comprehensively detected. Finally, the threat assessment of malicious samples is carried out and visualized through the big data platform. The results show that the method proposed in this paper can effectively warn of unknown threats, improve the security level of system data, have a certain active defense ability. And it can effectively improve the speed and accuracy of power information system security situation prediction.
2020-08-03
Nakayama, Kiyoshi, Muralidhar, Nikhil, Jin, Chenrui, Sharma, Ratnesh.  2019.  Detection of False Data Injection Attacks in Cyber-Physical Systems using Dynamic Invariants. 2019 18th IEEE International Conference On Machine Learning And Applications (ICMLA). :1023–1030.
Modern cyber-physical systems are increasingly complex and vulnerable to attacks like false data injection aimed at destabilizing and confusing the systems. We develop and evaluate an attack-detection framework aimed at learning a dynamic invariant network, data-driven temporal causal relationships between components of cyber-physical systems. We evaluate the relative performance in attack detection of the proposed model relative to traditional anomaly detection approaches. In this paper, we introduce Granger Causality based Kalman Filter with Adaptive Robust Thresholding (G-KART) as a framework for anomaly detection based on data-driven functional relationships between components in cyber-physical systems. In particular, we select power systems as a critical infrastructure with complex cyber-physical systems whose protection is an essential facet of national security. The system presented is capable of learning with or without network topology the task of detection of false data injection attacks in power systems. Kalman filters are used to learn and update the dynamic state of each component in the power system and in-turn monitor the component for malicious activity. The ego network for each node in the invariant graph is treated as an ensemble model of Kalman filters, each of which captures a subset of the node's interactions with other parts of the network. We finally also introduce an alerting mechanism to surface alerts about compromised nodes.
2020-07-27
Rani, Sonam, Jain, Sushma.  2018.  Hybrid Approach to Detect Network Based Intrusion. 2018 Fourth International Conference on Computing Communication Control and Automation (ICCUBEA). :1–5.
In internet based communication, various types of attacks have been evolved. Hence, attacker easily breaches the securities. Traditional intrusion detection techniques to observe these attacks have failed and thus hefty systems are required to remove these attacks before they expose entire network. With the ability of artificial intelligence systems to adapt high computational speed, boost fault tolerance, and error resilience against noisy information, a hybrid particle swarm optimization(PSO) fuzzy rule based inference engine has been designed in this paper. The fuzzy logic based on degree of truth while the PSO algorithm based on population stochastic technique helps in learning from the scenario, thus their combination will increase the toughness of intrusion detection system. The proposed network intrusion detection system will be able to classify normal as well as anomalism behaviour in the network. DARPA-KDD99 dataset examined on this system to address the behaviour of each connection on network and compared with existing system. This approach improves the result on the basis of precision, recall and F1-score.
2020-07-24
Obert, James, Chavez, Adrian.  2019.  Graph-Based Event Classification in Grid Security Gateways. 2019 Second International Conference on Artificial Intelligence for Industries (AI4I). :63—66.
In recent years the use of security gateways (SG) located within the electrical grid distribution network has become pervasive. SGs in substations and renewable distributed energy resource aggregators (DERAs) protect power distribution control devices from cyber and cyber-physical attacks. When encrypted communications within a DER network is used, TCP/IP packet inspection is restricted to packet header behavioral analysis which in most cases only allows the SG to perform anomaly detection of blocks of time-series data (event windows). Packet header anomaly detection calculates the probability of the presence of a threat within an event window, but fails in such cases where the unreadable encrypted payload contains the attack content. The SG system log (syslog) is a time-series record of behavioral patterns of network users and processes accessing and transferring data through the SG network interfaces. Threatening behavioral pattern in the syslog are measurable using both anomaly detection and graph theory. In this paper it will be shown that it is possible to efficiently detect the presence of and classify a potential threat within an SG syslog using light-weight anomaly detection and graph theory.
2020-07-20
Boumiza, Safa, Braham, Rafik.  2019.  An Anomaly Detector for CAN Bus Networks in Autonomous Cars based on Neural Networks. 2019 International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). :1–6.
The domain of securing in-vehicle networks has attracted both academic and industrial researchers due to high danger of attacks on drivers and passengers. While securing wired and wireless interfaces is important to defend against these threats, detecting attacks is still the critical phase to construct a robust secure system. There are only a few results on securing communication inside vehicles using anomaly-detection techniques despite their efficiencies in systems that need real-time detection. Therefore, we propose an intrusion detection system (IDS) based on Multi-Layer Perceptron (MLP) neural network for Controller Area Networks (CAN) bus. This IDS divides data according to the ID field of CAN packets using K-means clustering algorithm, then it extracts suitable features and uses them to train and construct the neural network. The proposed IDS works for each ID separately and finally it combines their individual decisions to construct the final score and generates alert in the presence of attack. The strength of our intrusion detection method is that it works simultaneously for two types of attacks which will eliminate the use of several separate IDS and thus reduce the complexity and cost of implementation.
Rumez, Marcel, Dürrwang, Jürgen, Brecht, Tim, Steinshorn, Timo, Neugebauer, Peter, Kriesten, Reiner, Sax, Eric.  2019.  CAN Radar: Sensing Physical Devices in CAN Networks based on Time Domain Reflectometry. 2019 IEEE Vehicular Networking Conference (VNC). :1–8.
The presence of security vulnerabilities in automotive networks has already been shown by various publications in recent years. Due to the specification of the Controller Area Network (CAN) as a broadcast medium without security mechanisms, attackers are able to read transmitted messages without being noticed and to inject malicious messages. In order to detect potential attackers within a network or software system as early as possible, Intrusion Detection Systems (IDSs) are prevalent. Many approaches for vehicles are based on techniques which are able to detect deviations from specified CAN network behaviour regarding protocol or payload properties. However, it is challenging to detect attackers who secretly connect to CAN networks and do not actively participate in bus traffic. In this paper, we present an approach that is capable of successfully detecting unknown CAN devices and determining the distance (cable length) between the attacker device and our sensing unit based on Time Domain Reflectometry (TDR) technique. We evaluated our approach on a real vehicle network.
2020-07-06
Mason, Andrew, Zhao, Yifan, He, Hongmei, Gompelman, Raymon, Mandava, Srikanth.  2019.  Online Anomaly Detection of Time Series at Scale. 2019 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA). :1–8.
Cyber breaches can result in disruption to business operations, reputation damage as well as directly affecting the financial stability of the targeted corporations, with potential impacts on future profits and stock values. Automatic network-stream monitoring becomes necessary for cyber situation awareness, and time-series anomaly detection plays an important role in network stream monitoring. This study surveyed recent research on time-series analysis methods in respect of parametric and non-parametric techniques, and popular machine learning platforms for data analysis on streaming data on both single server and cloud computing environments. We believe it provides a good reference for researchers in both academia and industry to select suitable (time series) data analysis techniques, and computing platforms, dependent on the data scale and real-time requirements.
Ben, Yongming, Han, Yanni, Cai, Ning, An, Wei, Xu, Zhen.  2019.  An Online System Dependency Graph Anomaly Detection based on Extended Weisfeiler-Lehman Kernel. MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM). :1–6.
Modern operating systems are typical multitasking systems: Running multiple tasks at the same time. Therefore, a large number of system calls belonging to different processes are invoked at the same time. By associating these invocations, one can construct the system dependency graph. In rapidly evolving system dependency graphs, how to quickly find outliers is an urgent issue for intrusion detection. Clustering analysis based on graph similarity will help solve this problem. In this paper, an extended Weisfeiler-Lehman(WL) kernel is proposed. Firstly, an embedded vector with indefinite dimensions is constructed based on the original dependency graph. Then, the vector is compressed with Simhash to generate a fingerprint. Finally, anomaly detection based on clustering is carried out according to these fingerprints. Our scheme can achieve prominent detection with high efficiency. For validation, we choose StreamSpot, a relevant prior work, to act as benchmark, and use the same data set as it to carry out evaluations. Experiments show that our scheme can achieve the highest detection precision of 98% while maintaining a perfect recall performance. Moreover, both quantitative and visual comparisons demonstrate the outperforming clustering effect of our scheme than StreamSpot.
2020-07-03
Jia, Guanbo, Miller, Paul, Hong, Xin, Kalutarage, Harsha, Ban, Tao.  2019.  Anomaly Detection in Network Traffic Using Dynamic Graph Mining with a Sparse Autoencoder. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :458—465.

Network based attacks on ecommerce websites can have serious economic consequences. Hence, anomaly detection in dynamic network traffic has become an increasingly important research topic in recent years. This paper proposes a novel dynamic Graph and sparse Autoencoder based Anomaly Detection algorithm named GAAD. In GAAD, the network traffic over contiguous time intervals is first modelled as a series of dynamic bipartite graph increments. One mode projection is performed on each bipartite graph increment and the adjacency matrix derived. Columns of the resultant adjacency matrix are then used to train a sparse autoencoder to reconstruct it. The sum of squared errors between the reconstructed approximation and original adjacency matrix is then calculated. An online learning algorithm is then used to estimate a Gaussian distribution that models the error distribution. Outlier error values are deemed to represent anomalous traffic flows corresponding to possible attacks. In the experiment, a network emulator was used to generate representative ecommerce traffic flows over a time period of 225 minutes with five attacks injected, including SYN scans, host emulation and DDoS attacks. ROC curves were generated to investigate the influence of the autoencoder hyper-parameters. It was found that increasing the number of hidden nodes and their activation level, and increasing sparseness resulted in improved performance. Analysis showed that the sparse autoencoder was unable to encode the highly structured adjacency matrix structures associated with attacks, hence they were detected as anomalies. In contrast, SVD and variants, such as the compact matrix decomposition, were found to accurately encode the attack matrices, hence they went undetected.

Pan, Jonathan.  2019.  Physical Integrity Attack Detection of Surveillance Camera with Deep Learning based Video Frame Interpolation. 2019 IEEE International Conference on Internet of Things and Intelligence System (IoTaIS). :79—85.

Surveillance cameras, which is a form of Cyber Physical System, are deployed extensively to provide visual surveillance monitoring of activities of interest or anomalies. However, these cameras are at risks of physical security attacks against their physical attributes or configuration like tampering of their recording coverage, camera positions or recording configurations like focus and zoom factors. Such adversarial alteration of physical configuration could also be invoked through cyber security attacks against the camera's software vulnerabilities to administratively change the camera's physical configuration settings. When such Cyber Physical attacks occur, they affect the integrity of the targeted cameras that would in turn render these cameras ineffective in fulfilling the intended security functions. There is a significant measure of research work in detection mechanisms of cyber-attacks against these Cyber Physical devices, however it is understudied area with such mechanisms against integrity attacks on physical configuration. This research proposes the use of the novel use of deep learning algorithms to detect such physical attacks originating from cyber or physical spaces. Additionally, we proposed the novel use of deep learning-based video frame interpolation for such detection that has comparatively better performance to other anomaly detectors in spatiotemporal environments.

2020-06-29
Ateş, Çağatay, Özdel, Süleyman, Yıldırım, Metehan, Anarım, Emin.  2019.  DDoS Attack Detection Using Greedy Algorithm and Frequency Modulation. 2019 27th Signal Processing and Communications Applications Conference (SIU). :1–4.
Distributed Denial of Service (DDoS) attack is one of the major threats to the network services. In this paper, we propose a DDoS attack detection algorithm based on the probability distributions of source IP addresses and destination IP addresses. According to the behavior of source and destination IP addresses during DDoS attack, the distance between these features is calculated and used.It is calculated with using the Greedy algorithm which eliminates some requirements associated with Kullback-Leibler divergence such as having the same rank of the probability distributions. Then frequency modulation is proposed in the detection phase to reduce false alarm rates and to avoid using static threshold. This algorithm is tested on the real data collected from Boğaziçi University network.
2020-06-26
Jiang, Jianguo, Chen, Jiuming, Gu, Tianbo, Choo, Kim-Kwang Raymond, Liu, Chao, Yu, Min, Huang, Weiqing, Mohapatra, Prasant.  2019.  Anomaly Detection with Graph Convolutional Networks for Insider Threat and Fraud Detection. MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM). :109—114.

Anomaly detection generally involves the extraction of features from entities' or users' properties, and the design of anomaly detection models using machine learning or deep learning algorithms. However, only considering entities' property information could lead to high false positives. We posit the importance of also considering connections or relationships between entities in the detecting of anomalous behaviors and associated threat groups. Therefore, in this paper, we design a GCN (graph convolutional networks) based anomaly detection model to detect anomalous behaviors of users and malicious threat groups. The GCN model could characterize entities' properties and structural information between them into graphs. This allows the GCN based anomaly detection model to detect both anomalous behaviors of individuals and associated anomalous groups. We then evaluate the proposed model using a real-world insider threat data set. The results show that the proposed model outperforms several state-of-art baseline methods (i.e., random forest, logistic regression, SVM, and CNN). Moreover, the proposed model can also be applied to other anomaly detection applications.

2020-06-19
Haefner, Kyle, Ray, Indrakshi.  2019.  ComplexIoT: Behavior-Based Trust For IoT Networks. 2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA). :56—65.

This work takes a novel approach to classifying the behavior of devices by exploiting the single-purpose nature of IoT devices and analyzing the complexity and variance of their network traffic. We develop a formalized measurement of complexity for IoT devices, and use this measurement to precisely tune an anomaly detection algorithm for each device. We postulate that IoT devices with low complexity lead to a high confidence in their behavioral model and have a correspondingly more precise decision boundary on their predicted behavior. Conversely, complex general purpose devices have lower confidence and a more generalized decision boundary. We show that there is a positive correlation to our complexity measure and the number of outliers found by an anomaly detection algorithm. By tuning this decision boundary based on device complexity we are able to build a behavioral framework for each device that reduces false positive outliers. Finally, we propose an architecture that can use this tuned behavioral model to rank each flow on the network and calculate a trust score ranking of all traffic to and from a device which allows the network to autonomously make access control decisions on a per-flow basis.

2020-06-12
Chiba, Zouhair, Abghour, Noreddine, Moussaid, Khalid, Omri, Amina El, Rida, Mohamed.  2018.  A Hybrid Optimization Framework Based on Genetic Algorithm and Simulated Annealing Algorithm to Enhance Performance of Anomaly Network Intrusion Detection System Based on BP Neural Network. 2018 International Symposium on Advanced Electrical and Communication Technologies (ISAECT). :1—6.

Today, network security is a world hot topic in computer security and defense. Intrusions and attacks in network infrastructures lead mostly in huge financial losses, massive sensitive data leaks, thus decreasing efficiency, competitiveness and the quality of productivity of an organization. Network Intrusion Detection System (NIDS) is valuable tool for the defense-in-depth of computer networks. It is widely deployed in network architectures in order to monitor, to detect and eventually respond to any anomalous behavior and misuse which can threat confidentiality, integrity and availability of network resources and services. Thus, the presence of NIDS in an organization plays a vital part in attack mitigation, and it has become an integral part of a secure organization. In this paper, we propose to optimize a very popular soft computing tool widely used for intrusion detection namely Back Propagation Neural Network (BPNN) using a novel hybrid Framework (GASAA) based on improved Genetic Algorithm (GA) and Simulated Annealing Algorithm (SAA). GA is improved through an optimization strategy, namely Fitness Value Hashing (FVH), which reduce execution time, convergence time and save processing power. Experimental results on KDD CUP' 99 dataset show that our optimized ANIDS (Anomaly NIDS) based BPNN, called “ANIDS BPNN-GASAA” outperforms several state-of-art approaches in terms of detection rate and false positive rate. In addition, improvement of GA through FVH has saved processing power and execution time. Thereby, our proposed IDS is very much suitable for network anomaly detection.

2020-06-01
Talusan, Jose Paolo, Tiausas, Francis, Yasumoto, Keiichi, Wilbur, Michael, Pettet, Geoffrey, Dubey, Abhishek, Bhattacharjee, Shameek.  2019.  Smart Transportation Delay and Resiliency Testbed Based on Information Flow of Things Middleware. 2019 IEEE International Conference on Smart Computing (SMARTCOMP). :13–18.
Edge and Fog computing paradigms are used to process big data generated by the increasing number of IoT devices. These paradigms have enabled cities to become smarter in various aspects via real-time data-driven applications. While these have addressed some flaws of cloud computing some challenges remain particularly in terms of privacy and security. We create a testbed based on a distributed processing platform called the Information flow of Things (IFoT) middleware. We briefly describe a decentralized traffic speed query and routing service implemented on this framework testbed. We configure the testbed to test countermeasure systems that aim to address the security challenges faced by prior paradigms. Using this testbed, we investigate a novel decentralized anomaly detection approach for time-sensitive distributed smart transportation systems.
2020-05-11
Üzüm, İbrahim, Can, Özgü.  2018.  An anomaly detection approach for enterprise file integration. 2018 6th International Symposium on Digital Forensic and Security (ISDFS). :1–4.
An information system based on real-time file integrations has an important role in today's organizations' work process management. By connecting to the network, file flow and integration between corporate systems have gained a great significance. In addition, network and security issues have emerged depending on the file structure and transfer processes. Thus, there has become a need for an effective and self-learning anomaly detection module for file transfer processes in order to provide the persistence of integration channels, accountability of transfer logs and data integrity. This paper proposes a novel anomaly detection approach that focuses on file size and integration duration of file transfers between enterprise systems. For this purpose, size and time anomalies on transferring files will be detected by a machine learning-based structure. Later, an alarm system is going to be developed in order to inform the authenticated individuals about the anomalies.
Chae, Younghun, Katenka, Natallia, DiPippo, Lisa.  2019.  An Adaptive Threshold Method for Anomaly-based Intrusion Detection Systems. 2019 IEEE 18th International Symposium on Network Computing and Applications (NCA). :1–4.
Anomaly-based Detection Systems (ADSs) attempt to learn the features of behaviors and events of a system and/or users over a period to build a profile of normal behaviors. There has been a growing interest in ADSs and typically conceived as more powerful systems One of the important factors for ADSs is an ability to distinguish between normal and abnormal behaviors in a given period. However, it is getting complicated due to the dynamic network environment that changes every minute. It is dangerous to distinguish between normal and abnormal behaviors with a fixed threshold in a dynamic environment because it cannot guarantee the threshold is always an indication of normal behaviors. In this paper, we propose an adaptive threshold for a dynamic environment with a trust management scheme for efficiently managing the profiles of normal and abnormal behaviors. Based on the assumption of the statistical analysis-based ADS that normal data instances occur in high probability regions while malicious data instances occur in low probability regions of a stochastic model, we set two adaptive thresholds for normal and abnormal behaviors. The behaviors between the two thresholds are classified as suspicious behaviors, and they are efficiently evaluated with a trust management scheme.
OUIAZZANE, Said, ADDOU, Malika, BARRAMOU, Fatimazahra.  2019.  A Multi-Agent Model for Network Intrusion Detection. 2019 1st International Conference on Smart Systems and Data Science (ICSSD). :1–5.
The objective of this paper is to propose a distributed intrusion detection model based on a multi agent system. Mutli Agent Systems (MAS) are very suitable for intrusion detection systems as they meet the characteristics required by the networks and Big Data issues. The MAS agents cooperate and communicate with each other to ensure the effective detection of network intrusions without the intervention of an expert as used to be in the classical intrusion detection systems relying on signature matching to detect known attacks. The proposed model helped to detect known and unknown attacks within big computer infrastructure by responding to the network requirements in terms of distribution, autonomy, responsiveness and communication. The proposed model is capable of achieving a good and a real time intrusion detection using multi-agents paradigm and Hadoop Distributed File System (HDFS).
singh, Kunal, Mathai, K. James.  2019.  Performance Comparison of Intrusion Detection System Between Deep Belief Network (DBN)Algorithm and State Preserving Extreme Learning Machine (SPELM) Algorithm. 2019 IEEE International Conference on Electrical, Computer and Communication Technologies (ICECCT). :1–7.

This paper work is focused on Performance comparison of intrusion detection system between DBN Algorithm and SPELM Algorithm. Researchers have used this new algorithm SPELM to perform experiments in the area of face recognition, pedestrian detection, and for network intrusion detection in the area of cyber security. The scholar used the proposed State Preserving Extreme Learning Machine(SPELM) algorithm as machine learning classifier and compared it's performance with Deep Belief Network (DBN) algorithm using NSL KDD dataset. The NSL- KDD dataset has four lakhs of data record; out of which 40% of data were used for training purposes and 60% data used in testing purpose while calculating the performance of both the algorithms. The experiment as performed by the scholar compared the Accuracy, Precision, recall and Computational Time of existing DBN algorithm with proposed SPELM Algorithm. The findings have show better performance of SPELM; when compared its accuracy of 93.20% as against 52.8% of DBN algorithm;69.492 Precision of SPELM as against 66.836 DBN and 90.8 seconds of Computational time taken by SPELM as against 102 seconds DBN Algorithm.

Althubiti, Sara A., Jones, Eric Marcell, Roy, Kaushik.  2018.  LSTM for Anomaly-Based Network Intrusion Detection. 2018 28th International Telecommunication Networks and Applications Conference (ITNAC). :1–3.
Due to the massive amount of the network traffic, attackers have a great chance to cause a huge damage to the network system or its users. Intrusion detection plays an important role in ensuring security for the system by detecting the attacks and the malicious activities. In this paper, we utilize CIDDS dataset and apply a deep learning approach, Long-Short-Term Memory (LSTM), to implement intrusion detection system. This research achieves a reasonable accuracy of 0.85.