Spelling suggestions: "subject:"intrusion detection systems"" "subject:"ntrusion detection systems""
31 |
Machine learning and system administration : A structured literature reviewJonsson, Karl January 2020 (has links)
Denna literaturöversikt går igenom två olika system inom IT-säkerhet och hur de fungerar tillsammans med maskinlärningstekniker till en relativt ytlig nivå.Syftet med denna rapport är att kunna sammanfatta dessa system och se hur de kan hjälpa med en systemadministratörs uppgifter, hur det kan användas för automatisera och vad för positiva och negativa förändringar det kan ha på en infrastruktur.Maskinlärning kan vara ett kraftigt verktyg för systemadministratörer för att lätta på arbetsmängden som kan förekomma inom en organisation, vilket är också varför det är viktigt att diskutera när och var man ska utplacera en lösning. Den här studien ska diskutera användningen av maskinlärning och när och var det kan användas. / This literature review discusses two different systems within IT-security and how they work within machine learning to a relatively surface-level degree.The purpose of this paper is to be able to summarize these systems and see how they can help a system administrator’s assignments. how it can be used for automation and the positives and negatives.Machine learning can be a powerful tool for system administrators to alleviate the workload which can exist within an organization, which is why it is important to discuss when and where to deploy a solution.
|
32 |
Lightweight Cyberattack Intrusion Detection System for Unmanned Aerial Vehicles using Recurrent Neural NetworksWei-Cheng Hsu (10929852) 30 July 2021 (has links)
<div>Unmanned aerial vehicles (UAVs) have gained more attention in recent years because of their ability to execute various missions. However, recent works have identified vulnerabilities in UAV systems that make them more readily prone to cyberattacks. In this work, the vulnerabilities in the communication channel between the UAV and ground control station are exploited to implement cyberattacks, specifically, the denial of service and false data injection attacks. Unlike other related studies that implemented attacks in simulations, we demonstrate the actual implementation of these attacks on a Holybro S500 quadrotor with PX4 autopilot firmware and MAVLink communication protocol.</div><div><br></div><div>The goal was to create a lightweight intrusion detection system (IDS) that leverages recurrent neural networks (RNNs) to accurately detect cyberattacks, even when implemented on a resource-constrained platform. Different types of RNNs, including simple RNNs, long short-term memory, gated recurrent units, and simple recurrent units, were trained and tested on actual experimental data. A recursive feature elimination approach was carried out on selected features to remove redundant features and to create a lighter RNN IDS model. We also studied the resource consumption of these RNNs on an Arduino Uno board, the lowest-cost companion computer that can be implemented with PX4 autopilot firmware and Pixhawk autopilot boards. The results show that a simple RNN has the best accuracy while also satisfying the constraints of the selected computer.<br></div>
|
33 |
Session-based Intrusion Detection System To Map Anomalous Network TrafficCaulkins, Bruce 01 January 2005 (has links)
Computer crime is a large problem (CSI, 2004; Kabay, 2001a; Kabay, 2001b). Security managers have a variety of tools at their disposal -- firewalls, Intrusion Detection Systems (IDSs), encryption, authentication, and other hardware and software solutions to combat computer crime. Many IDS variants exist which allow security managers and engineers to identify attack network packets primarily through the use of signature detection; i.e., the IDS recognizes attack packets due to their well-known "fingerprints" or signatures as those packets cross the network's gateway threshold. On the other hand, anomaly-based ID systems determine what is normal traffic within a network and reports abnormal traffic behavior. This paper will describe a methodology towards developing a more-robust Intrusion Detection System through the use of data-mining techniques and anomaly detection. These data-mining techniques will dynamically model what a normal network should look like and reduce the false positive and false negative alarm rates in the process. We will use classification-tree techniques to accurately predict probable attack sessions. Overall, our goal is to model network traffic into network sessions and identify those network sessions that have a high-probability of being an attack and can be labeled as a "suspect session." Subsequently, we will use these techniques inclusive of signature detection methods, as they will be used in concert with known signatures and patterns in order to present a better model for detection and protection of networks and systems.
|
34 |
Explainable Intrusion Detection Systems using white box techniquesAbles, Jesse 08 December 2023 (has links) (PDF)
Artificial Intelligence (AI) has found increasing application in various domains, revolutionizing problem-solving and data analysis. However, in decision-sensitive areas like Intrusion Detection Systems (IDS), trust and reliability are vital, posing challenges for traditional black box AI systems. These black box IDS, while accurate, lack transparency, making it difficult to understand the reasons behind their decisions. This dissertation explores the concept of eXplainable Intrusion Detection Systems (X-IDS), addressing the issue of trust in X-IDS. It explores the limitations of common black box IDS and the complexities of explainability methods, leading to the fundamental question of trusting explanations generated by black box explainer modules. To address these challenges, this dissertation presents the concept of white box explanations, which are innately explainable. While white box algorithms are typically simpler and more interpretable, they often sacrifice accuracy. However, this work utilized white box Competitive Learning (CL), which can achieve competitive accuracy in comparison to black box IDS. We introduce Rule Extraction (RE) as another white box technique that can be applied to explain black box IDS. It involves training decision trees on the inputs, weights, and outputs of black box models, resulting in human-readable rulesets that serve as global model explanations. These white box techniques offer the benefits of accuracy and trustworthiness, which are challenging to achieve simultaneously. This work aims to address gaps in the existing literature, including the need for highly accurate white box IDS, a methodology for understanding explanations, small testing datasets, and comparisons between white box and black box models. To achieve these goals, the study employs CL and eclectic RE algorithms. CL models offer innate explainability and high accuracy in IDS applications, while eclectic RE enhances trustworthiness. The contributions of this dissertation include a novel X-IDS architecture featuring Self-Organizing Map (SOM) models that adhere to DARPA’s guidelines for explainable systems, an extended X-IDS architecture incorporating three CL-based algorithms, and a hybrid X-IDS architecture combining a Deep Neural Network (DNN) predictor with a white box eclectic RE explainer. These architectures create more explainable, trustworthy, and accurate X-IDS systems, paving the way for enhanced AI solutions in decision-sensitive domains.
|
35 |
A Trusted Environment for MPI ProgramsFlorez-Larrahondo, German 13 December 2002 (has links)
Several algorithms have been proposed to implement intrusion detection systems (IDS) based on the idea that anomalies in the behavior of a system might be produced by a set of actions of an intruder or by a system fault. Almost no previous research has been conducted in the area of anomaly detection for high performance clusters. The research reported in this thesis demonstrates that the analysis of sequences of function calls issued by one or more processes can be used to verify the correct execution of parallel programs written in C/C++ with the Message Passing Interface (MPI) in a cluster of Linux workstations. The functions calls were collected via library interposition. Two anomaly detection algorithms previously reported to be effective methods for anomaly detection in sequences of system calls, Hidden Markov Model and sequence matching, were implemented and tested. In general, the simpler sequence matching algorithm out-performed the Hidden Markov Model.
|
36 |
Immune Based Event-Incident Model for Intrusion Detection Systems: A Nature Inspired Approach to Secure ComputingVasudevan, Swetha 26 June 2007 (has links)
No description available.
|
37 |
Performance Evaluation Study of Intrusion Detection Systems.Alhomoud, Adeeb M., Munir, Rashid, Pagna Disso, Jules F., Al-Dhelaan, A., Awan, Irfan U. 2011 August 1917 (has links)
With the thriving technology and the great increase in the usage of computer networks, the risk of having these network to be under attacks have been increased. Number of techniques have been created and designed to help in detecting and/or preventing such attacks. One common technique is the use of Network Intrusion Detection / Prevention Systems NIDS. Today, number of open sources and commercial Intrusion Detection Systems are available to match enterprises requirements but the performance of these Intrusion Detection Systems is still the main concern. In this paper, we have tested and analyzed the performance of the well know IDS system Snort and the new coming IDS system Suricata. Both Snort and Suricata were implemented on three different platforms (ESXi virtual server, Linux 2.6 and FreeBSD) to simulate a real environment. Finally, in our results and analysis a comparison of the performance of the two IDS systems is provided along with some recommendations as to what and when will be the ideal environment for Snort and Suricata.
|
38 |
Adversarial Attacks Against Network Intrusion Detection SystemsSanidhya Sharma (19203919) 26 July 2024 (has links)
<p dir="ltr">The explosive growth of computer networks over the past few decades has significantly enhanced communication capabilities. However, this expansion has also attracted malicious attackers seeking to compromise and disable these networks for personal gain. Network Intrusion Detection Systems (NIDS) were developed to detect threats and alert users to potential attacks. As the types and methods of attacks have grown exponentially, NIDS have struggled to keep pace. A paradigm shift occurred when NIDS began using Machine Learning (ML) to differentiate between anomalous and normal traffic, alleviating the challenge of tracking and defending against new attacks. However, the adoption of ML-based anomaly detection in NIDS has unraveled a new avenue of exploitation due to the inherent inadequacy of machine learning models - their susceptibility to adversarial attacks.</p><p dir="ltr">In this work, we explore the application of adversarial attacks from the image domain to bypass Network Intrusion Detection Systems (NIDS). We evaluate both white-box and black-box adversarial attacks against nine popular ML-based NIDS models. Specifically, we investigate Projected Gradient Descent (PGD) attacks on two ML models, transfer attacks using adversarial examples generated by the PGD attack, the score-based Zeroth Order Optimization attack, and two boundary-based attacks, namely the Boundary and HopSkipJump attacks. Through comprehensive experiments using the NSL-KDD dataset, we find that logistic regression and multilayer perceptron models are highly vulnerable to all studied attacks, whereas decision trees, random forests, and XGBoost are moderately vulnerable to transfer attacks or PGD-assisted transfer attacks with approximately 60 to 70% attack success rate (ASR), but highly susceptible to targeted HopSkipJump or Boundary attacks with close to a 100% ASR. Moreover, SVM-linear is highly vulnerable to both transfer attacks and targeted HopSkipJump or Boundary attacks achieving around 100% ASR, whereas SVM-rbf is highly vulnerable to transfer attacks with a 77% ASR but only moderately to targeted HopSkipJump or Boundary attacks with a 52% ASR. Finally, both KNN and Label Spreading models exhibit robustness against transfer-based attacks with less than 30% ASR but are highly vulnerable to targeted HopSkipJump or Boundary attacks with a 100% ASR with a large perturbation. Our findings may provide insights for designing future NIDS that are robust against potential adversarial attacks.</p>
|
39 |
Using metrics from multiple layers to detect attacks in wireless networksAparicio-Navarro, Francisco J. January 2014 (has links)
The IEEE 802.11 networks are vulnerable to numerous wireless-specific attacks. Attackers can implement MAC address spoofing techniques to launch these attacks, while masquerading themselves behind a false MAC address. The implementation of Intrusion Detection Systems has become fundamental in the development of security infrastructures for wireless networks. This thesis proposes the designing a novel security system that makes use of metrics from multiple layers of observation to produce a collective decision on whether an attack is taking place. The Dempster-Shafer Theory of Evidence is the data fusion technique used to combine the evidences from the different layers. A novel, unsupervised and self- adaptive Basic Probability Assignment (BPA) approach able to automatically adapt its beliefs assignment to the current characteristics of the wireless network is proposed. This BPA approach is composed of three different and independent statistical techniques, which are capable to identify the presence of attacks in real time. Despite the lightweight processing requirements, the proposed security system produces outstanding detection results, generating high intrusion detection accuracy and very low number of false alarms. A thorough description of the generated results, for all the considered datasets is presented in this thesis. The effectiveness of the proposed system is evaluated using different types of injection attacks. Regarding one of these attacks, to the best of the author knowledge, the security system presented in this thesis is the first one able to efficiently identify the Airpwn attack.
|
40 |
Um modelo dinâmico de clusterização de dados aplicado na detecção de intrusãoFurukawa, Rogério Akiyoshi 25 April 2003 (has links)
Atualmente, a segurança computacional vem se tornando cada vez mais necessária devido ao grande crescimento das estatísticas que relatam os crimes computacionais. Uma das ferramentas utilizadas para aumentar o nível de segurança é conhecida como Sistemas de Detecção de Intrusão (SDI). A flexibilidade e usabilidade destes sistemas têm contribuído, consideravelmente, para o aumento da proteção dos ambientes computacionais. Como grande parte das intrusões seguem padrões bem definidos de comportamento em uma rede de computadores, as técnicas de classificação e clusterização de dados tendem a ser muito apropriadas para a obtenção de uma forma eficaz de resolver este tipo de problema. Neste trabalho será apresentado um modelo dinâmico de clusterização baseado em um mecanismo de movimentação dos dados. Apesar de ser uma técnica de clusterização de dados aplicável a qualquer tipo de dados, neste trabalho, este modelo será utilizado para a detecção de intrusão. A técnica apresentada neste trabalho obteve resultados de clusterização comparáveis com técnicas tradicionais. Além disso, a técnica proposta possui algumas vantagens sobre as técnicas tradicionais investigadas, como realização de clusterizações multi-escala e não necessidade de determinação do número inicial de clusters / Nowadays, the computational security is becoming more and more necessary due to the large growth of the statistics that describe computer crimes. One of the tools used to increase the safety level is named Intrusion Detection Systems (IDS). The flexibility and usability of these systems have contributed, considerably, to increase the protection of computational environments. As large part of the intrusions follows behavior patterns very well defined in a computers network, techniques for data classification and clustering tend to be very appropriate to obtain an effective solutions to this problem. In this work, a dynamic clustering model based on a data movement mechanism are presented. In spite of a clustering technique applicable to any data type, in this work, this model will be applied to the detection intrusion. The technique presented in this work obtained clustering results comparable to those obtained by traditional techniques. Besides the proposed technique presents some advantages on the traditional techniques investigated, like multi-resolution clustering and no need to previously know the number of clusters
|
Page generated in 0.1354 seconds